General

  • Target

    93423b8f815289bed96560c946c6c7a6cfbda2815962e1c4e89283e5b3528ef8

  • Size

    162KB

  • Sample

    210622-966q1h27xn

  • MD5

    def62fb8cc6e4589471abcfcff664ac8

  • SHA1

    253081f6d6760e2fbd9454b8c8af27666769d3d6

  • SHA256

    93423b8f815289bed96560c946c6c7a6cfbda2815962e1c4e89283e5b3528ef8

  • SHA512

    99c17d0b834bbd7a81b8ab2e2b1620a9114980b6c0048f93599a55a27c2f81b673ef9763f32ae47895f70972753409f9e2764bd5439668b60f43310f8871c510

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
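The extracted config above (family, botnet ID, three C2 endpoints) and the file hashes in the General section are the indicators a responder actually acts on. The following is an added example, not part of the sandbox report or any Triage tooling: it copies those values into a small Python module that validates the C2 entries, emits Suricata rules for them, and checks a file's digests against all four listed hashes at once. The `FAKE_SAMPLE` bytes are a constructed placeholder, not the 162KB sample, so the hash check correctly reports no match for them; the SID base is an arbitrary assumption.

```python
"""Turn the Dridex config and hashes from this report into checkable indicators.

Added example. The indicator values are copied from the report; FAKE_SAMPLE
and the rule SID base are constructed/assumed and are not from the report.
"""
import hashlib
import ipaddress
from typing import Dict, List, Tuple

# Values copied verbatim from the report.
FAMILY = "dridex"
BOTNET = "40112"
C2_RAW = [
    "107.172.227.10:443",
    "172.93.133.123:2303",
    "108.168.61.147:8172",
]
HASHES = {
    "md5": "def62fb8cc6e4589471abcfcff664ac8",
    "sha1": "253081f6d6760e2fbd9454b8c8af27666769d3d6",
    "sha256": "93423b8f815289bed96560c946c6c7a6cfbda2815962e1c4e89283e5b3528ef8",
    "sha512": "99c17d0b834bbd7a81b8ab2e2b1620a9114980b6c0048f93599a55a27c2f81b6"
              "73ef9763f32ae47895f70972753409f9e2764bd5439668b60f43310f8871c510",
}


def parse_c2(entries: List[str]) -> List[Tuple[str, int]]:
    """Split 'ip:port' strings into (ip, port), rejecting malformed entries.

    Config extractors sometimes emit junk when the decryption key is wrong,
    so validate before pushing anything to a blocklist.
    """
    parsed = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError on a non-IP host
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in C2 entry {entry!r}")
        parsed.append((host, port_num))
    return parsed


def suricata_rules(c2: List[Tuple[str, int]], base_sid: int = 9000001) -> List[str]:
    """One outbound TCP alert rule per C2 endpoint (base_sid is an assumed value)."""
    rules = []
    for offset, (host, port) in enumerate(c2):
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"{FAMILY} botnet {BOTNET} C2 {host}:{port}"; '
            f'classtype:trojan-activity; sid:{base_sid + offset}; rev:1;)'
        )
    return rules


def hash_all(data: bytes) -> Dict[str, str]:
    """Compute every digest listed in the report for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASHES}


def matching_digests(data: bytes) -> List[str]:
    """Names of the report's hashes that match `data`; empty means no match."""
    digests = hash_all(data)
    return [name for name, expected in HASHES.items() if digests[name] == expected]


# Constructed placeholder (a bare MZ header), NOT the real 162KB sample.
FAKE_SAMPLE = b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    for rule in suricata_rules(parse_c2(C2_RAW)):
        print(rule)
    print("matching hashes for placeholder:", matching_digests(FAKE_SAMPLE))
```

Block on the full set of digests rather than MD5 alone: MD5 and SHA-1 collisions are practical, so a SHA-256 match is the one to trust when deduplicating samples across feeds.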

Targets

    • Target

      93423b8f815289bed96560c946c6c7a6cfbda2815962e1c4e89283e5b3528ef8

    • Size

      162KB

    • MD5

      def62fb8cc6e4589471abcfcff664ac8

    • SHA1

      253081f6d6760e2fbd9454b8c8af27666769d3d6

    • SHA256

      93423b8f815289bed96560c946c6c7a6cfbda2815962e1c4e89283e5b3528ef8

    • SHA512

      99c17d0b834bbd7a81b8ab2e2b1620a9114980b6c0048f93599a55a27c2f81b673ef9763f32ae47895f70972753409f9e2764bd5439668b60f43310f8871c510

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both the x86 and x64 variants, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks