General

  • Target

    d37ae581ecad3f93fe26e9a239181fef6632a60cae2f82b2ba9854f1011f28ff

  • Size

    158KB

  • Sample

    210623-c4ddlnyahe

  • MD5

    a7e6cc6f2b2b500045090b5368802808

  • SHA1

    d5dbe6826b893fd9164c6f35dfb2aea7b9543719

  • SHA256

    d37ae581ecad3f93fe26e9a239181fef6632a60cae2f82b2ba9854f1011f28ff

  • SHA512

    3a9877274e361b2af8d68a3d61da90719562019c320d49195941398ee9a876db01b4d2591d67d992696c1dfcff751693c54900f2b0b3692483a413b4e647ec32

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      d37ae581ecad3f93fe26e9a239181fef6632a60cae2f82b2ba9854f1011f28ff

    • Size

      158KB

    • MD5

      a7e6cc6f2b2b500045090b5368802808

    • SHA1

      d5dbe6826b893fd9164c6f35dfb2aea7b9543719

    • SHA256

      d37ae581ecad3f93fe26e9a239181fef6632a60cae2f82b2ba9854f1011f28ff

    • SHA512

      3a9877274e361b2af8d68a3d61da90719562019c320d49195941398ee9a876db01b4d2591d67d992696c1dfcff751693c54900f2b0b3692483a413b4e647ec32

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks