General

  • Target

    63a848b84056565c90b45930d7b9891f08474f3d1d78bd402cd29ca538105a27

  • Size

    162KB

  • Sample

    210621-wm8n9mpx7j

  • MD5

    6e00d8dd2e0720a36b49acaa98a8d35f

  • SHA1

    3cabb9c4c223c86c3c4fd8f041edb9ae1d96d237

  • SHA256

    63a848b84056565c90b45930d7b9891f08474f3d1d78bd402cd29ca538105a27

  • SHA512

    40ee5237bae0f9dcfe4a3e46ac4489ace4720978eb658fc6d63e7e1cfebc96b468ab0247d2334e539163561540c48edd11a5caa3bc2e271c676ecd69b1640dae

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      63a848b84056565c90b45930d7b9891f08474f3d1d78bd402cd29ca538105a27

    • Size

      162KB

    • MD5

      6e00d8dd2e0720a36b49acaa98a8d35f

    • SHA1

      3cabb9c4c223c86c3c4fd8f041edb9ae1d96d237

    • SHA256

      63a848b84056565c90b45930d7b9891f08474f3d1d78bd402cd29ca538105a27

    • SHA512

      40ee5237bae0f9dcfe4a3e46ac4489ace4720978eb658fc6d63e7e1cfebc96b468ab0247d2334e539163561540c48edd11a5caa3bc2e271c676ecd69b1640dae

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks