General

  • Target

    93fd2392c6045fc3a48b98d9605bf514c30b8b05e35f0129c5e702dd19f37de7

  • Size

    158KB

  • Sample

    210628-ej1cq9kbf6

  • MD5

    dd3d792a7943066d35252790ef09d2c1

  • SHA1

    f466485ffca30f2c87e5a0ca5e25bb47eeed358d

  • SHA256

    93fd2392c6045fc3a48b98d9605bf514c30b8b05e35f0129c5e702dd19f37de7

  • SHA512

    08822dcbadd65d8fd06006997d7e303d6017398f37f6454fe8f1e1b2cd290ab42cb92753ed3e67a4f13208906be32b954f598f2926e188fb07b77be9d0c8e22b

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks