General

  • Target

    b1cc120163f43132bbeee1161dcc99fe077beea8fa64be14ebdc58b34aa58ab6

  • Size

    158KB

  • Sample

    210622-tcetttabtn

  • MD5

    e5677e9bb7244954d22c97b99fecdc3c

  • SHA1

    114862ea01e96705793e197b3029731a61afc5a6

  • SHA256

    b1cc120163f43132bbeee1161dcc99fe077beea8fa64be14ebdc58b34aa58ab6

  • SHA512

    cbba32eb638f3343d76ffe9ef00c88f4481b451e077292199337ae072e3602a4eddea98109f458fd4fda347b3f55671f45c44319a64c335731b4bcd0f288e513

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      b1cc120163f43132bbeee1161dcc99fe077beea8fa64be14ebdc58b34aa58ab6

    • Size

      158KB

    • MD5

      e5677e9bb7244954d22c97b99fecdc3c

    • SHA1

      114862ea01e96705793e197b3029731a61afc5a6

    • SHA256

      b1cc120163f43132bbeee1161dcc99fe077beea8fa64be14ebdc58b34aa58ab6

    • SHA512

      cbba32eb638f3343d76ffe9ef00c88f4481b451e077292199337ae072e3602a4eddea98109f458fd4fda347b3f55671f45c44319a64c335731b4bcd0f288e513

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks