General

  • Target

    b1ae744d28909e466f92f6ad76a1d6d44cbb336a07c55a159bc5cca03590acd4

  • Size

    162KB

  • Sample

    210628-1bprfa5xm6

  • MD5

    6a167886c4893e70224a317e8aec57f9

  • SHA1

    a4e3f9345d2baf1288da8598394bf03dbd4a2ab5

  • SHA256

    b1ae744d28909e466f92f6ad76a1d6d44cbb336a07c55a159bc5cca03590acd4

  • SHA512

    826e5d35ba5e9a4802a6a89d0c5764f2c2b6912a9512d7ba106df10ed7f278cf50312874c8e673f9fcb1b6d0e71fc3b3f44225d453b1134327155859d94225a9

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      b1ae744d28909e466f92f6ad76a1d6d44cbb336a07c55a159bc5cca03590acd4

    • Size

      162KB

    • MD5

      6a167886c4893e70224a317e8aec57f9

    • SHA1

      a4e3f9345d2baf1288da8598394bf03dbd4a2ab5

    • SHA256

      b1ae744d28909e466f92f6ad76a1d6d44cbb336a07c55a159bc5cca03590acd4

    • SHA512

      826e5d35ba5e9a4802a6a89d0c5764f2c2b6912a9512d7ba106df10ed7f278cf50312874c8e673f9fcb1b6d0e71fc3b3f44225d453b1134327155859d94225a9

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks