General

  • Target

    b5ec42112f7035e68e0dd3801b5d80a29e9e3f15b5b4294d80baebeee51ea568

  • Size

    162KB

  • Sample

    210622-h5nvlp41m6

  • MD5

    0eedcc986388c9589a6bb78e0d4161af

  • SHA1

    65c4006689c154d8fbd87672db1c585fd81dc849

  • SHA256

    b5ec42112f7035e68e0dd3801b5d80a29e9e3f15b5b4294d80baebeee51ea568

  • SHA512

    8fb5116932434898a34d47005a21aaecbfc4f38a68849d2cb2c5822e20801e96017e04179dbe542f03a3c93bdb50e5ee9317f66015d755f2624e6ea505febbb6

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      b5ec42112f7035e68e0dd3801b5d80a29e9e3f15b5b4294d80baebeee51ea568

    • Size

      162KB

    • MD5

      0eedcc986388c9589a6bb78e0d4161af

    • SHA1

      65c4006689c154d8fbd87672db1c585fd81dc849

    • SHA256

      b5ec42112f7035e68e0dd3801b5d80a29e9e3f15b5b4294d80baebeee51ea568

    • SHA512

      8fb5116932434898a34d47005a21aaecbfc4f38a68849d2cb2c5822e20801e96017e04179dbe542f03a3c93bdb50e5ee9317f66015d755f2624e6ea505febbb6

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks