General

  • Target

    1800a29b659e7c38edc8d7af6ff9451bd5238e569e2a9fdf8a7923c725d106cd

  • Size

    162KB

  • Sample

    210622-xyaflfge3n

  • MD5

    bc87b64bdaa0547149d49dbeec36612c

  • SHA1

    a6539e703a2cf387d0cc3576334b78ea7ed420e1

  • SHA256

    1800a29b659e7c38edc8d7af6ff9451bd5238e569e2a9fdf8a7923c725d106cd

  • SHA512

    f99ab7f271166cf77d665749f79a76f7f89c0e4a956355113481f884fd21bba20c9ccaacfa280e14fa0a3d720eab5e69e70ea41e989e19e68787270a95c5e36f

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Target

      1800a29b659e7c38edc8d7af6ff9451bd5238e569e2a9fdf8a7923c725d106cd

    • Size

      162KB

    • MD5

      bc87b64bdaa0547149d49dbeec36612c

    • SHA1

      a6539e703a2cf387d0cc3576334b78ea7ed420e1

    • SHA256

      1800a29b659e7c38edc8d7af6ff9451bd5238e569e2a9fdf8a7923c725d106cd

    • SHA512

      f99ab7f271166cf77d665749f79a76f7f89c0e4a956355113481f884fd21bba20c9ccaacfa280e14fa0a3d720eab5e69e70ea41e989e19e68787270a95c5e36f

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks