General

  • Target

    4a80c55d86873a82a4898b75b1e364632d6e4c973f0772ca75276987bdb7e333

  • Size

    158KB

  • Sample

    210622-bv47y86mes

  • MD5

    3dbf7df764e6d1a473d8763a84c84bf7

  • SHA1

    f0a399b55acb6f7b5a7dd99508d8815cd8a2d2ff

  • SHA256

    4a80c55d86873a82a4898b75b1e364632d6e4c973f0772ca75276987bdb7e333

  • SHA512

    00056fbcf7dfef6d6a72b076efe7ba3314db123bf54c170cb57e1d66ce1403cad43f9cfccb452288f97e5d136db3b4c5c45115931523fa56778e8df0c53120a8

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

Targets

    • Target

      4a80c55d86873a82a4898b75b1e364632d6e4c973f0772ca75276987bdb7e333

    • Size

      158KB

    • MD5

      3dbf7df764e6d1a473d8763a84c84bf7

    • SHA1

      f0a399b55acb6f7b5a7dd99508d8815cd8a2d2ff

    • SHA256

      4a80c55d86873a82a4898b75b1e364632d6e4c973f0772ca75276987bdb7e333

    • SHA512

      00056fbcf7dfef6d6a72b076efe7ba3314db123bf54c170cb57e1d66ce1403cad43f9cfccb452288f97e5d136db3b4c5c45115931523fa56778e8df0c53120a8

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks