General

  • Target

    832d46f6a40a58de116eca766561f4fa6a36489b14a9cab048428e46c7e18486

  • Size

    162KB

  • Sample

    210628-a52a3wps56

  • MD5

    2ceceee86406a55e2f8b0c65125253a8

  • SHA1

    b4f8f6636f0670314a38887e54b362f72b95c024

  • SHA256

    832d46f6a40a58de116eca766561f4fa6a36489b14a9cab048428e46c7e18486

  • SHA512

    75b94bf45a76e067e01608fef88e8b04049c9d596b74d490b0e4e2f3a99555e2beb638ce45e145672a0c40d74c4bb005fbfad941009050b3ca67e082bd924c97

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks