General

  • Target

    362017ccebc75da4dada9090cb4e77d07642765d20bf0d0221868e8dfc2df61d

  • Size

    162KB

  • Sample

    210623-snht16f3nn

  • MD5

    71ac9f8a5af139f454483f2ae52b1159

  • SHA1

    aa30a7ea0f970cda0930062aa976cb5c17f00414

  • SHA256

    362017ccebc75da4dada9090cb4e77d07642765d20bf0d0221868e8dfc2df61d

  • SHA512

    42998dec247104186cbe74f4d0b244857c90d6ad3acb99925388942196010439cb83789f1c1c78dc5dffda9dd9140bdf175051685eb62fe44c1a6729234f0a73

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both the x86 and x64 variants, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks