General

  • Target

    ef41e4a475e7b936e3fd5ede10b65c06c73209f66541747320dee2bdc47dcfc8

  • Size

    162KB

  • Sample

    210621-961zd771js

  • MD5

    99aca8b88842b644cb329b79bebf0a43

  • SHA1

    555d2f3b1527a85304ad8b15592aa7be4406d029

  • SHA256

    ef41e4a475e7b936e3fd5ede10b65c06c73209f66541747320dee2bdc47dcfc8

  • SHA512

    c7e5f966e05488ba2f76761d2caf2f24409947a1263d95871732f87f64e33341e690d4060faa1d5e3d78bfcdb86da8d8d5d66a64c5cde2433a25e730da0ef6cc

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
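The extracted config above is only useful once it is turned into something a defender can check. The following script is an added example and is not part of the sandbox report or of the Dridex sample; it copies the hashes, botnet ID and C2 endpoints from the report into a small Python module that validates the C2 list, flags the non-standard ports, emits one Suricata rule per C2, and verifies a local copy of the sample against the reported hashes. The Suricata SID range and the local file path are assumptions; the `rc4.plain` key values are not on the page and are therefore not used.

```python
"""IOC handling for the Dridex config extracted in this report (added example).

Hashes, botnet ID and C2 list are copied from the report. The SID base and the
sample path passed to verify_sample() are assumptions for illustration.
"""
import hashlib
import ipaddress

FAMILY = "dridex"
BOTNET = "40112"

# C2 endpoints exactly as listed under "C2" in the report.
C2_RAW = """
107.172.227.10:443
172.93.133.123:2303
108.168.61.147:8172
"""

# Hashes as listed under "General" in the report.
REPORTED_HASHES = {
    "md5": "99aca8b88842b644cb329b79bebf0a43",
    "sha1": "555d2f3b1527a85304ad8b15592aa7be4406d029",
    "sha256": "ef41e4a475e7b936e3fd5ede10b65c06c73209f66541747320dee2bdc47dcfc8",
    "sha512": "c7e5f966e05488ba2f76761d2caf2f24409947a1263d95871732f87f64e33341"
              "e690d4060faa1d5e3d78bfcdb86da8d8d5d66a64c5cde2433a25e730da0ef6cc",
}

# Ports a Dridex C2 on a "normal" looking port would use; anything else is worth
# a dedicated egress alert because it should never be seen from user endpoints.
COMMON_PORTS = {80, 443}


def parse_c2(raw: str) -> list[tuple[str, int]]:
    """Parse 'ip:port' lines into (ip, port) tuples, rejecting malformed entries."""
    endpoints = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry {line!r}")
        ip = ipaddress.ip_address(host)          # raises ValueError on garbage
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"port out of range in C2 entry {line!r}")
        endpoints.append((str(ip), port_num))
    return endpoints


def nonstandard_ports(endpoints: list[tuple[str, int]]) -> list[tuple[str, int]]:
    """Return the C2s that use a port outside COMMON_PORTS."""
    return [(ip, port) for ip, port in endpoints if port not in COMMON_PORTS]


def suricata_rules(endpoints: list[tuple[str, int]], base_sid: int = 9000001) -> list[str]:
    """One egress rule per C2. base_sid is a hypothetical local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"MALWARE {FAMILY} botnet {BOTNET} C2 {ip}:{port}"; '
        f'flow:to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(endpoints)
    ]


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute every hash algorithm the report lists over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def compare(actual: dict[str, str], expected: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match result; keys are taken from expected."""
    return {name: actual.get(name) == digest for name, digest in expected.items()}


def verify_sample(path: str) -> dict[str, bool]:
    """Hash a local file (path is an assumption) and compare against the report."""
    with open(path, "rb") as f:
        return compare(hash_bytes(f.read()), REPORTED_HASHES)


if __name__ == "__main__":
    c2s = parse_c2(C2_RAW)
    print("C2 endpoints:", c2s)
    print("non-standard ports:", nonstandard_ports(c2s))
    print("\n".join(suricata_rules(c2s)))
```

Run it as-is to get the rule set; point `verify_sample()` at a quarantined copy of the file to confirm it is the same object the report describes before trusting the report's signatures for it. The four-hash comparison is deliberate: a single MD5 match is weak evidence, while all four matching rules out a collision.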

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan: malware that specializes in stealing online banking credentials from infected hosts.

    • Dridex Loader

      Detects the Dridex loader, in both its x86 and x64 builds, in process memory.

    • Checks whether UAC is enabled

      This is typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (0 means UAC is disabled); malware uses the result to decide whether an elevation bypass is needed.

MITRE ATT&CK Enterprise v6

Tasks