General

  • Target

    3e98a977fdc3a49aa72901a630e3d780fa547c50f2d4fa1dae5de9fee84f07d7

  • Size

    158KB

  • Sample

    210621-tw6655yxrj

  • MD5

    ab9b37380144c0739e244d12550f5c2c

  • SHA1

    4c77e44fb022e02f9a174c2f5bc5b4ae5e4b2634

  • SHA256

    3e98a977fdc3a49aa72901a630e3d780fa547c50f2d4fa1dae5de9fee84f07d7

  • SHA512

    2db872640c992c11e452a2ea4d33c19518bed88c821d3fb187d450ca590098681b2d569b0b0354c38583ff126b46eefc866d39645ccbee1df910fbbda06e12a5

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    40111

  • C2

    8.210.53.215:443

    72.249.22.245:2303

    188.40.137.206:8172

  • rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 variants) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks