General

  • Target

    20e85420fbeaa364abd8f9363fdbd996bb86186e0874f59cf9b042019c2f640d

  • Size

    162KB

  • Sample

    210622-lflsaxn3ve

  • MD5

    508f6bb9adc9cd1fde53c66a6811fea9

  • SHA1

    a6266f1a3c733bb51c5dfae8360c8ccfbc0e668e

  • SHA256

    20e85420fbeaa364abd8f9363fdbd996bb86186e0874f59cf9b042019c2f640d

  • SHA512

    ba7999236be6e1f50d72cd2b29ad7f270895f9919c79c38cf5e23c3211f91280e0e12e722630e3913f9ce5dfe36673ee14e3cb0434e6ecb0013f7f57a62a9093

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
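The extracted config above is only useful once it is turned into something that can be matched against traffic. The following is an added example, not part of the sandbox report or of any Dridex tooling: it embeds the botnet ID, the three C2 endpoints and the file hashes exactly as listed on this page, matches them against a few constructed Zeek-style conn.log lines (the log lines, client addresses and connection UIDs are made up for illustration), and emits one Suricata rule per C2 endpoint. The sid range 9000001+ is an assumed local range, and the distinction between an exact IP:port hit and an IP-only hit is a design choice of the example: Dridex C2 sits on unusual ports, so the same IP on another port is worth triage but may be shared hosting.

```python
"""IOC matcher built from the extracted Dridex config on this page (added example)."""
import hashlib

# Values copied verbatim from the report's extracted config and hash fields.
DRIDEX_CONFIG = {
    "family": "dridex",
    "botnet": "40112",
    "c2": [
        ("107.172.227.10", 443),
        ("172.93.133.123", 2303),
        ("108.168.61.147", 8172),
    ],
}
SAMPLE_HASHES = {
    "md5": "508f6bb9adc9cd1fde53c66a6811fea9",
    "sha1": "a6266f1a3c733bb51c5dfae8360c8ccfbc0e668e",
    "sha256": "20e85420fbeaa364abd8f9363fdbd996bb86186e0874f59cf9b042019c2f640d",
}

# Constructed log lines in a Zeek conn.log column order (not a real capture):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
# Cabc2 is constructed benign traffic; Cabc4 hits a C2 IP on a non-config port.
SAMPLE_CONN_LOG = """\
1624370001.1\tCabc1\t10.0.0.15\t51234\t107.172.227.10\t443\ttcp
1624370002.2\tCabc2\t10.0.0.15\t51235\t142.250.74.46\t443\ttcp
1624370003.3\tCabc3\t10.0.0.22\t49152\t172.93.133.123\t2303\ttcp
1624370004.4\tCabc4\t10.0.0.22\t49153\t108.168.61.147\t80\ttcp
1624370005.5\tCabc5\t10.0.0.31\t40000\t108.168.61.147\t8172\ttcp
"""


def parse_conn_log(text):
    """Yield one dict per tab-separated conn.log record, skipping comments/short lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
        yield {"ts": ts, "uid": uid, "src": orig_h, "dst": resp_h,
               "dport": int(resp_p), "proto": proto}


def match_c2(log_text, config=DRIDEX_CONFIG):
    """Return records that touch the C2 list.

    severity 'exact'   = destination IP and port both match the extracted config
    severity 'ip-only' = C2 IP reached on some other port (lower confidence)
    """
    exact = {(ip, port) for ip, port in config["c2"]}
    ips = {ip for ip, _ in config["c2"]}
    hits = []
    for rec in parse_conn_log(log_text):
        if (rec["dst"], rec["dport"]) in exact:
            hits.append({**rec, "severity": "exact"})
        elif rec["dst"] in ips:
            hits.append({**rec, "severity": "ip-only"})
    return hits


def suricata_rules(config=DRIDEX_CONFIG, sid_base=9000000):
    """Emit one Suricata rule per C2 endpoint; sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(config["c2"], start=1):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{config["family"].capitalize()} botnet {config["botnet"]} C2 {ip}:{port}"; '
            f'flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def hashes_for(data):
    """md5/sha1/sha256 of a blob, keyed like SAMPLE_HASHES for direct comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_reported_sample(data):
    """True only if every digest of `data` equals the hashes listed in the report."""
    return hashes_for(data) == SAMPLE_HASHES


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_CONN_LOG):
        print(f'{hit["severity"]:8} {hit["src"]} -> {hit["dst"]}:{hit["dport"]} uid={hit["uid"]}')
    print("\n".join(suricata_rules()))
```

Run it as a script to see the three exact hits, the one IP-only hit and the generated rules; to check a file against the report, pass its bytes to is_reported_sample, which requires all three digests to agree rather than trusting MD5 alone.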

Targets

    • Target

      20e85420fbeaa364abd8f9363fdbd996bb86186e0874f59cf9b042019c2f640d

    • Size

      162KB

    • MD5

      508f6bb9adc9cd1fde53c66a6811fea9

    • SHA1

      a6266f1a3c733bb51c5dfae8360c8ccfbc0e668e

    • SHA256

      20e85420fbeaa364abd8f9363fdbd996bb86186e0874f59cf9b042019c2f640d

    • SHA512

      ba7999236be6e1f50d72cd2b29ad7f270895f9919c79c38cf5e23c3211f91280e0e12e722630e3913f9ce5dfe36673ee14e3cb0434e6ecb0013f7f57a62a9093

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both the x86 and the x64 build, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks