General

  • Target

    e537432e0f2eb2ee1707d8b0650e27776a9edab443c61acbcf0ca2d11b1121ea

  • Size

    162KB

  • Sample

    210622-xdr99rmzbs

  • MD5

    5c18c3ace805a43bb3ab6d1f4834cf38

  • SHA1

    a2bae7ccb270207b4ac8a014ec43dd15247d9dd3

  • SHA256

    e537432e0f2eb2ee1707d8b0650e27776a9edab443c61acbcf0ca2d11b1121ea

  • SHA512

    f176bcb701cb83e7f52d9042187044c852afcfb12f7b50716e630b3158b9a6916c55b300f726d6cd4a5a7cbfa9a2214f93e71f25881c8be59fcbb6f388dddf20

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks