General

  • Target: c8de8df04552f5e701c7b9bc918973b39758811f8136d79d159bc572f796f65b
  • Size: 162KB
  • Sample: 210624-psa8pkrrvs
  • MD5: 20289a88ebb3524a07b5ed46e0b6285a
  • SHA1: 0c3a060c1ad094dfbc59563d9749f2745bf87ca3
  • SHA256: c8de8df04552f5e701c7b9bc918973b39758811f8136d79d159bc572f796f65b
  • SHA512: 1dd9d6a21bc7b05e65fc6a8d3dd46b796a375a3e0d60c3b31c4f972714ae8cdbd84b8d68959a24dcf13be85d05b8a3b641c5e062594e38b8d68092875ae68ba7

Malware Config

Extracted

  • Family: dridex
  • Botnet: 40112
  • C2:
      107.172.227.10:443
      172.93.133.123:2303
      108.168.61.147:8172
  • rc4.plain
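The extracted config above is only useful once it is turned into something that can be checked against telemetry. The block below is an added example, not part of the sandbox report: it copies the family, botnet ID, C2 endpoints and sample hashes from this page, validates the C2 entries, matches them against a few constructed connection-log records (the timestamps and internal addresses are made up), emits one Suricata rule per endpoint in an assumed local sid range, and verifies a file against all three reported digests rather than trusting a single hash. Matching is done on the full ip:port pair, since two of the three C2 endpoints sit on non-standard ports; traffic to a C2 address on some other port is reported separately for triage instead of being alerted on.

```python
"""Hunting with the Dridex IOCs extracted above.

Added example, not part of the sandbox report. Config values and hashes are
copied from the report; log lines and the Suricata sid range are constructed.
"""
import hashlib
import ipaddress

# Extracted config, as reported above.
DRIDEX_CONFIG = {
    "family": "dridex",
    "botnet": "40112",
    "c2": ["107.172.227.10:443", "172.93.133.123:2303", "108.168.61.147:8172"],
}

# Hashes of the analysed sample, as reported above.
SAMPLE_HASHES = {
    "md5": "20289a88ebb3524a07b5ed46e0b6285a",
    "sha1": "0c3a060c1ad094dfbc59563d9749f2745bf87ca3",
    "sha256": "c8de8df04552f5e701c7b9bc918973b39758811f8136d79d159bc572f796f65b",
}


def parse_c2(entries):
    """Turn 'ip:port' strings into a set of (ip, port) tuples.

    Malformed entries raise instead of silently becoming IOCs that never match.
    """
    c2 = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"bad C2 entry: {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError on a non-IP host
        c2.add((host, int(port)))
    return c2


def match_conn_log(lines, c2):
    """Split connection records into exact C2 hits and IP-only hits.

    Constructed record layout, whitespace separated:
        ts src_ip src_port dst_ip dst_port proto
    Exact hit: destination ip:port is in the config. IP-only hit: destination
    is a C2 address on a different port, returned separately for triage.
    """
    c2_ips = {ip for ip, _ in c2}
    exact, ip_only = [], []
    for line in lines:
        parts = line.split()
        if len(parts) < 6 or not parts[4].isdigit():
            continue  # skip malformed records rather than guessing fields
        ts, src, _sport, dst, dport, _proto = parts[:6]
        record = (ts, src, dst, int(dport))
        if (dst, int(dport)) in c2:
            exact.append(record)
        elif dst in c2_ips:
            ip_only.append(record)
    return exact, ip_only


def suricata_rules(c2, sid_base=9000000):
    """One alert rule per C2 endpoint; sid_base is an assumed local range."""
    botnet = DRIDEX_CONFIG["botnet"]
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Dridex botnet {botnet} C2 {ip}:{port}"; flow:to_server; '
        f'sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(sorted(c2))
    ]


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data):
    """True only when all three digests match the report."""
    return file_hashes(data) == SAMPLE_HASHES


# Constructed connection records for the demonstration; not real traffic.
SAMPLE_LOG = [
    "2021-06-24T10:00:01Z 10.0.0.5 49152 107.172.227.10 443 tcp",
    "2021-06-24T10:00:02Z 10.0.0.5 49153 172.93.133.123 443 tcp",
    "2021-06-24T10:00:03Z 10.0.0.6 49154 108.168.61.147 8172 tcp",
    "2021-06-24T10:00:04Z 10.0.0.7 49155 93.184.216.34 443 tcp",
]

if __name__ == "__main__":
    c2 = parse_c2(DRIDEX_CONFIG["c2"])
    hits, near = match_conn_log(SAMPLE_LOG, c2)
    print("exact C2 hits:", hits)
    print("C2 address on another port:", near)
    print("\n".join(suricata_rules(c2)))
```

Running the block on the constructed records flags the two exact ip:port hits, reports the 172.93.133.123:443 connection as an IP-only match, and prints three rules. Swap `SAMPLE_LOG` for real conn records in the same field order, and adjust `sid_base` to a range free in your deployment.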

Targets

    • Target

      c8de8df04552f5e701c7b9bc918973b39758811f8136d79d159bc572f796f65b (162KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that steals online-banking credentials.

    • Dridex Loader

      Detects the Dridex loader, in both its x86 and x64 builds, in process memory.

    • Checks whether UAC is enabled

      The sample queries whether User Account Control is enabled (the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is the standard place this is read from), a check loaders commonly make before deciding whether a UAC bypass is needed.
MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 signature
