General

  • Target

    cf6c3c8acfa8f354ec85ab2c72678e3f3b0dcead2a539bbd541d35b43a109347

  • Size

    162KB

  • Sample

    210621-ztrvkzg466

  • MD5

    b4c9883e1c38e07dbb091e1414859b79

  • SHA1

    6ed8037bb2535bba3a015e21cd6d51dc9b1f8c15

  • SHA256

    cf6c3c8acfa8f354ec85ab2c72678e3f3b0dcead2a539bbd541d35b43a109347

  • SHA512

    59f13cce7c0e53a58ff870f19efb3d5510d42ff44b92714d10d40196c179c4e90916482b8b6a85bed75c4cf3dbe6be14af0b3231136361f93795bbab31ee80bd

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks