General

  • Target

    6b1297d734e269689ec2d78ddabc6e0b9631403a29a32e0b9b54467d20727d71

  • Size

    162KB

  • Sample

    210621-wmpekbms5e

  • MD5

    e8047bf4be09d00ad0165dc499eff034

  • SHA1

    dc141c53ea8ce82035395a2b00dff285a362c31c

  • SHA256

    6b1297d734e269689ec2d78ddabc6e0b9631403a29a32e0b9b54467d20727d71

  • SHA512

    840605ac58de5e713fa9b75f4ed75865b55bfb1893254e629eaf37cd79538d3b9c8c2fc213a547f0f11fb1da40e38160f5a8b3c4779ed2af579838fb958518bd

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks