General

  • Target

    6d4d8ccecae5c0d6537c9c530287933d2e492beb595b0e1ac4183a8202ce9cd6

  • Size

    162KB

  • Sample

    210623-kkqyacsjqs

  • MD5

    0198f860f8907ef68011dce11458b14a

  • SHA1

    bfeb96062e3970bdd526248b37a7badd8f10185f

  • SHA256

    6d4d8ccecae5c0d6537c9c530287933d2e492beb595b0e1ac4183a8202ce9cd6

  • SHA512

    26f6ca48f8baf8701fac6f0c71853f7af99961b450e1219fde2aad74fcef27a8a0b0e612ce384f1db0661f24d6a8bbb9b5e883e5ac3019e781d2ffabfd3bc092

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks