General

  • Target

    a0c7767ccd40b841176f35e43c8c2ea2e7a0963847a993e61666a18a6fc672fc

  • Size

    162KB

  • Sample

    210623-s1etlr57ba

  • MD5

    5a395bb5e26f7b926781f7ef0ae3a5dc

  • SHA1

    13e32dd013129e56e4ceaf56cb0fd3e0600127fd

  • SHA256

    a0c7767ccd40b841176f35e43c8c2ea2e7a0963847a993e61666a18a6fc672fc

  • SHA512

    20b146866210befccfcdbd965d1a45b6c5f5f83218f0ed305246c47b28bfb892949e20dbd05c075db70aa2270afd58cbcf395fa5d061bb5cfdde5335f08c0300

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      a0c7767ccd40b841176f35e43c8c2ea2e7a0963847a993e61666a18a6fc672fc

    • Size

      162KB

    • MD5

      5a395bb5e26f7b926781f7ef0ae3a5dc

    • SHA1

      13e32dd013129e56e4ceaf56cb0fd3e0600127fd

    • SHA256

      a0c7767ccd40b841176f35e43c8c2ea2e7a0963847a993e61666a18a6fc672fc

    • SHA512

      20b146866210befccfcdbd965d1a45b6c5f5f83218f0ed305246c47b28bfb892949e20dbd05c075db70aa2270afd58cbcf395fa5d061bb5cfdde5335f08c0300

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks