General

  • Target

    73256bda11687e0a77b36c2f5e056049ca3e47fecf8d25ea23be492ca38d1701

  • Size

    160KB

  • Sample

    210624-y4hsf3n76n

  • MD5

    ecd0b122b739644a1072c92f1a58b88f

  • SHA1

    e250b427d20a72a600b777b0add721f67892bffa

  • SHA256

    73256bda11687e0a77b36c2f5e056049ca3e47fecf8d25ea23be492ca38d1701

  • SHA512

    d0adc166c6cc1d1d39f33a21919d93837f85638d25d9630eab8894c74341879e33425bd30f6d4f641637ba2fc9242316637cf062ee4394a4cbf72b1493f4a3e4

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303

rc4.plain
rc4.plain

Targets

    • Target

      73256bda11687e0a77b36c2f5e056049ca3e47fecf8d25ea23be492ca38d1701

    • Size

      160KB

    • MD5

      ecd0b122b739644a1072c92f1a58b88f

    • SHA1

      e250b427d20a72a600b777b0add721f67892bffa

    • SHA256

      73256bda11687e0a77b36c2f5e056049ca3e47fecf8d25ea23be492ca38d1701

    • SHA512

      d0adc166c6cc1d1d39f33a21919d93837f85638d25d9630eab8894c74341879e33425bd30f6d4f641637ba2fc9242316637cf062ee4394a4cbf72b1493f4a3e4

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks