General

  • Target

    00ea2f3e8c3060972569f6380a63c96bdcc307a9588dd7955b80b6b16e53d90b

  • Size

    162KB

  • Sample

    210622-frbz9cc7de

  • MD5

    7f168f908622c31277a8c37729d2cd25

  • SHA1

    7b139e2c7ced1dd3b19b2f7c7a6ef32ca6e5b396

  • SHA256

    00ea2f3e8c3060972569f6380a63c96bdcc307a9588dd7955b80b6b16e53d90b

  • SHA512

    4614142162eb57180e1ac69460ad17058c6a58d3ed31847a78040bc99dcfa433e94d93ebfbf12c23fa3b366bb1074b692ee96f279d4058b744dd44d227693254

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain
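The hashes and C2 endpoints above are the indicators an analyst would actually pivot on. The script below, an added example that is not part of the sandbox report, turns them into two checks: it hashes a file and reports which of the reported digests it matches, and it scans connection-log lines for traffic to the extracted C2 addresses. The log format (`<ts> <src>:<port> -> <dst>:<port> <proto>`) and the sample lines are constructed for the example; real Dridex C2 is often reached on non-standard ports, so a hit on the IP with a different port is still reported but flagged separately.

```python
import hashlib
import io
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "7f168f908622c31277a8c37729d2cd25",
    "sha1": "7b139e2c7ced1dd3b19b2f7c7a6ef32ca6e5b396",
    "sha256": "00ea2f3e8c3060972569f6380a63c96bdcc307a9588dd7955b80b6b16e53d90b",
    "sha512": "4614142162eb57180e1ac69460ad17058c6a58d3ed31847a78040bc99dcfa433e"
              "94d93ebfbf12c23fa3b366bb1074b692ee96f279d4058b744dd44d227693254",
}
C2_ENDPOINTS = {
    "107.172.227.10": 443,
    "172.93.133.123": 2303,
    "108.168.61.147": 8172,
}


def hash_stream(fileobj):
    """Compute every digest listed in the report over a binary stream, one pass."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in iter(lambda: fileobj.read(1 << 16), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def matches_sample(digests):
    """Names of the algorithms whose digest equals the reported sample's."""
    return sorted(
        name for name, value in digests.items()
        if SAMPLE_HASHES.get(name) == value.lower()
    )


# Constructed log format (assumption, not from the report):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
LOG_RE = re.compile(
    r"(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)


def find_c2_hits(lines):
    """Return connections to a reported C2 IP; port_match tells whether the port matched too."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line, skip rather than guess
        ts, src, _sport, dst, dport = m.groups()
        if dst in C2_ENDPOINTS:
            hits.append({
                "ts": ts,
                "src": src,
                "c2": f"{dst}:{dport}",
                "port_match": C2_ENDPOINTS[dst] == int(dport),
            })
    return hits


# Constructed sample log lines for demonstration.
SAMPLE_LOG = """\
2021-06-22T10:01:03Z 10.0.0.15:49211 -> 93.184.216.34:443 TCP
2021-06-22T10:01:09Z 10.0.0.15:49214 -> 107.172.227.10:443 TCP
2021-06-22T10:01:10Z 10.0.0.15:49215 -> 172.93.133.123:2303 TCP
garbage line that does not parse
2021-06-22T10:02:41Z 10.0.0.22:51002 -> 108.168.61.147:80 TCP
""".splitlines()


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    print(matches_sample(hash_bytes(b"not the sample")))
```

Running it against a real file is `matches_sample(hash_file("suspect.bin"))`; an empty list means none of the four reported digests matched, which is expected for any repacked variant, so the C2 check is the more durable of the two.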

Targets

    • Target

      00ea2f3e8c3060972569f6380a63c96bdcc307a9588dd7955b80b6b16e53d90b

    • Size

      162KB

    • MD5

      7f168f908622c31277a8c37729d2cd25

    • SHA1

      7b139e2c7ced1dd3b19b2f7c7a6ef32ca6e5b396

    • SHA256

      00ea2f3e8c3060972569f6380a63c96bdcc307a9588dd7955b80b6b16e53d90b

    • SHA512

      4614142162eb57180e1ac69460ad17058c6a58d3ed31847a78040bc99dcfa433e94d93ebfbf12c23fa3b366bb1074b692ee96f279d4058b744dd44d227693254

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader (x86 and x64 builds) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks