General

  • Target

    2bbc638d95b5c6d92d7ad5b95fb155910d32b4a31cd9440bf23769886557a115

  • Size

    162KB

  • Sample

    210621-a1ajgnpmqn

  • MD5

    036a7d5fa630ca9f16ad0d95708cef33

  • SHA1

    9c70f971da782149d3585c282feda308689cc2d0

  • SHA256

    2bbc638d95b5c6d92d7ad5b95fb155910d32b4a31cd9440bf23769886557a115

  • SHA512

    5326e4dd441ee2eca4fa9f9e11f9b15941a34c9d6fd9b75833102b3a5b9571d2ea057647ef5bcfc0c20d719e61243afabee1df0bedd3a662948697efb8dc581c

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      2bbc638d95b5c6d92d7ad5b95fb155910d32b4a31cd9440bf23769886557a115

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks