General

  • Target

    abbdce27380b94ba9dbfc23f9e982dbf14125cbab9ad6ac65e1723824a661bbc

  • Size

    162KB

  • Sample

    210621-exmvqxjrdn

  • MD5

    f1d2bb6f0951d66e5c1cce2d60464e8f

  • SHA1

    6012900b5311bb686d5eeaabec5c205974af296c

  • SHA256

    abbdce27380b94ba9dbfc23f9e982dbf14125cbab9ad6ac65e1723824a661bbc

  • SHA512

    e4770512bdc4961b490c6f8e4191cbad472e4ceb07075afa376ba629855a996207e04357186394a7a852596c1985c705fbf97f69855ec67cabf82e6be48268a8

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      abbdce27380b94ba9dbfc23f9e982dbf14125cbab9ad6ac65e1723824a661bbc

    • Size

      162KB

    • MD5

      f1d2bb6f0951d66e5c1cce2d60464e8f

    • SHA1

      6012900b5311bb686d5eeaabec5c205974af296c

    • SHA256

      abbdce27380b94ba9dbfc23f9e982dbf14125cbab9ad6ac65e1723824a661bbc

    • SHA512

      e4770512bdc4961b490c6f8e4191cbad472e4ceb07075afa376ba629855a996207e04357186394a7a852596c1985c705fbf97f69855ec67cabf82e6be48268a8

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks