General

  • Target

    d394a7ed5e317b52049c8e337da721c33e1afdeceffae9703e7b67ea89971413

  • Size

    158KB

  • Sample

    210621-l2qyrxms4e

  • MD5

    da0e89b14bbd732220e3e30d9af3d78d

  • SHA1

    dd1667e2875adf80730c591c6d42caea6e104e4c

  • SHA256

    d394a7ed5e317b52049c8e337da721c33e1afdeceffae9703e7b67ea89971413

  • SHA512

    fc5c25ee9294c0011185c958e8f65eb133dde10042e880c37d72091cd446f7be356c7f2cc188ba4eb767de6331e838d1e724bd233da2f481a00a6e17057c531b

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks