General

  • Target

    6a95dd5f78d828794de5678695656d8a124c18ccef922d0b3d9eaed9a04b0d74

  • Size

    162KB

  • Sample

    210628-3zkbr5ln5e

  • MD5

    b1c940b3e520be2da939349ff8bdc2bc

  • SHA1

    cc43fa8297161b8b056df98a316531b1af48c68f

  • SHA256

    6a95dd5f78d828794de5678695656d8a124c18ccef922d0b3d9eaed9a04b0d74

  • SHA512

    37041a6c95d9b15a0613132ef02ea105df7767aec60a76bad8f41889b429708edf9d711a4b519273a3262352d34936d9cd795544dc7f882d76d74138322928b8

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      6a95dd5f78d828794de5678695656d8a124c18ccef922d0b3d9eaed9a04b0d74

    • Size

      162KB

    • MD5

      b1c940b3e520be2da939349ff8bdc2bc

    • SHA1

      cc43fa8297161b8b056df98a316531b1af48c68f

    • SHA256

      6a95dd5f78d828794de5678695656d8a124c18ccef922d0b3d9eaed9a04b0d74

    • SHA512

      37041a6c95d9b15a0613132ef02ea105df7767aec60a76bad8f41889b429708edf9d711a4b519273a3262352d34936d9cd795544dc7f882d76d74138322928b8

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 variants, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks