General

  • Target

    795f5edde5b4f200c9dba95aec8dbc8150178874678f957a6c02ccfba6840ccb

  • Size

    158KB

  • Sample

    210621-8khtl4rqa6

  • MD5

    d83a098f5d203bc40657f65a2482e94e

  • SHA1

    586cf276243ec00557c067ad6ab5484c8ab9ca98

  • SHA256

    795f5edde5b4f200c9dba95aec8dbc8150178874678f957a6c02ccfba6840ccb

  • SHA512

    7fab3f8fcf2f41ace2d3280db8c24c5e98757c8222f7ffce383c86779ecdfc700209a23caec0d8f66bd06ad79884ea8233ccc2a2440a84b6a6522d591edb88df

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      795f5edde5b4f200c9dba95aec8dbc8150178874678f957a6c02ccfba6840ccb

    • Size

      158KB

    • MD5

      d83a098f5d203bc40657f65a2482e94e

    • SHA1

      586cf276243ec00557c067ad6ab5484c8ab9ca98

    • SHA256

      795f5edde5b4f200c9dba95aec8dbc8150178874678f957a6c02ccfba6840ccb

    • SHA512

      7fab3f8fcf2f41ace2d3280db8c24c5e98757c8222f7ffce383c86779ecdfc700209a23caec0d8f66bd06ad79884ea8233ccc2a2440a84b6a6522d591edb88df

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks