General

  • Target

    9c728f52de866bcad824dbf847d0e21cf3bda1b311aa510078c37babe5ff3fce

  • Size

    158KB

  • Sample

    210621-xgejc3ph62

  • MD5

    ca12ee855117680110a1d44c9eec2e9c

  • SHA1

    bba0c26a99a373a8997cfb4e0703ecc22fc44632

  • SHA256

    9c728f52de866bcad824dbf847d0e21cf3bda1b311aa510078c37babe5ff3fce

  • SHA512

    6ef7abdb1ebf09eeca26c5dba96d77df385cd1a1d944d2277812d25893a09382514a180870726590544f918872258163406be1edd29e9e5ac51f2e220da4d2f2

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

Targets

    • Target

      9c728f52de866bcad824dbf847d0e21cf3bda1b311aa510078c37babe5ff3fce

    • Size

      158KB

    • MD5

      ca12ee855117680110a1d44c9eec2e9c

    • SHA1

      bba0c26a99a373a8997cfb4e0703ecc22fc44632

    • SHA256

      9c728f52de866bcad824dbf847d0e21cf3bda1b311aa510078c37babe5ff3fce

    • SHA512

      6ef7abdb1ebf09eeca26c5dba96d77df385cd1a1d944d2277812d25893a09382514a180870726590544f918872258163406be1edd29e9e5ac51f2e220da4d2f2

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks