General

  • Target

    aa3edb0105b0ddb946ef795a73a06008d66e9640fcdd57ed90d50d0beae49c64

  • Size

    162KB

  • Sample

    210623-y7n83zzrjj

  • MD5

    3422a52a55758550ce7a2b1a40b467a3

  • SHA1

    bd72cfef22934c321828a6335a620818b007d9be

  • SHA256

    aa3edb0105b0ddb946ef795a73a06008d66e9640fcdd57ed90d50d0beae49c64

  • SHA512

    3c821d99dd7d56d47b1cdc81b0c5bccacf8a4d2e2965057b3f56b386b7a0f4fcd347be5bf60d40c4fe36e13d3fa0ecd368a31b1616059e7adffc5f57315b2e9b

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      aa3edb0105b0ddb946ef795a73a06008d66e9640fcdd57ed90d50d0beae49c64

    • Size

      162KB

    • MD5

      3422a52a55758550ce7a2b1a40b467a3

    • SHA1

      bd72cfef22934c321828a6335a620818b007d9be

    • SHA256

      aa3edb0105b0ddb946ef795a73a06008d66e9640fcdd57ed90d50d0beae49c64

    • SHA512

      3c821d99dd7d56d47b1cdc81b0c5bccacf8a4d2e2965057b3f56b386b7a0f4fcd347be5bf60d40c4fe36e13d3fa0ecd368a31b1616059e7adffc5f57315b2e9b

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks