General

  • Target

    909f47a71b58d38d71146c20081ade260a2ef4bbfb068ca15a3cc59e4739930c

  • Size

    162KB

  • Sample

    210628-f8ljbltdd2

  • MD5

    f3ca3c292a70a875e67c2bd909560546

  • SHA1

    fa9cd9e220f1c986446db1b858eff4b9a6c84212

  • SHA256

    909f47a71b58d38d71146c20081ade260a2ef4bbfb068ca15a3cc59e4739930c

  • SHA512

    eb891d1aa3505e3f8a5d44493764b8c0e92da5fc4e5c75df773dfc91e48db91e7efc51cb6c17202b2c054d01ab15442028ffe1e4c57b7b47e4cd006b3db15ee4

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    40112

  • C2

    107.172.227.10:443

    172.93.133.123:2303

    108.168.61.147:8172

  • rc4.plain
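The three C2 endpoints and the botnet ID above are the actionable part of this config. As an added example, not part of the sandbox report, the following Python turns them into a matcher over egress connection logs and into Suricata rules. The log format, the log lines and the SID range are constructed assumptions for illustration; the IOC values are the ones extracted above.

```python
"""Match the Dridex C2 endpoints from the extracted config against egress logs.

Added example, not part of the sandbox report. The log lines are constructed;
the C2 list and botnet ID are taken from the extracted config.
"""
import ipaddress
import re
from dataclasses import dataclass

# IOCs from the report's extracted config.
BOTNET_ID = "40112"
C2_ENDPOINTS = {
    ("107.172.227.10", 443),
    ("172.93.133.123", 2303),
    ("108.168.61.147", 8172),
}

# Constructed firewall log lines (illustrative, not captured from the sandbox run).
SAMPLE_LOG = """\
2021-06-28T14:02:11Z src=10.0.5.23 dst=107.172.227.10 dport=443 proto=tcp action=allow
2021-06-28T14:02:12Z src=10.0.5.23 dst=142.250.74.110 dport=443 proto=tcp action=allow
2021-06-28T14:02:15Z src=10.0.5.23 dst=172.93.133.123 dport=2303 proto=tcp action=allow
2021-06-28T14:02:16Z src=10.0.5.23 dst=172.93.133.123 dport=443 proto=tcp action=allow
2021-06-28T14:02:20Z src=10.0.7.9 dst=108.168.61.147 dport=8172 proto=tcp action=deny
"""

# Assumed key=value log layout; adjust the pattern to the real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    action: str
    ip_only: bool  # True when only the IP matched (port differs from the config)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        ipaddress.ip_address(rec["dst"])  # drop lines with a malformed destination
    except ValueError:
        return None
    rec["dport"] = int(rec["dport"])
    return rec


def match_c2(log_text):
    """Return every connection to a configured C2 IP, in log order.

    Exact ip:port matches are flagged ip_only=False; a connection to a C2 IP on
    another port is still reported (ip_only=True) because a denied or re-keyed
    channel often retries on a different port.
    """
    c2_ips = {ip for ip, _ in C2_ENDPOINTS}
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["dst"], rec["dport"]) in C2_ENDPOINTS:
            hits.append(Hit(rec["ts"], rec["src"], rec["dst"], rec["dport"], rec["action"], False))
        elif rec["dst"] in c2_ips:
            hits.append(Hit(rec["ts"], rec["src"], rec["dst"], rec["dport"], rec["action"], True))
    return hits


def suricata_rules(sid_base=1000001):
    """Emit one Suricata alert rule per C2 endpoint. The SID range is an assumption."""
    rules = []
    for i, (ip, port) in enumerate(sorted(C2_ENDPOINTS)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet {BOTNET_ID} C2 connection"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for h in match_c2(SAMPLE_LOG):
        print(h)
    print("\n".join(suricata_rules()))
```

Note that the 443 endpoint will carry TLS, so a rule on the IP:port pair is the only network-level handle this page gives; the RC4 key the config names as rc4.plain is not shown here and is not needed for this matching.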

Targets

    • Target

      909f47a71b58d38d71146c20081ade260a2ef4bbfb068ca15a3cc59e4739930c

    • Size

      162KB

    • MD5

      f3ca3c292a70a875e67c2bd909560546

    • SHA1

      fa9cd9e220f1c986446db1b858eff4b9a6c84212

    • SHA256

      909f47a71b58d38d71146c20081ade260a2ef4bbfb068ca15a3cc59e4739930c

    • SHA512

      eb891d1aa3505e3f8a5d44493764b8c0e92da5fc4e5c75df773dfc91e48db91e7efc51cb6c17202b2c054d01ab15442028ffe1e4c57b7b47e4cd006b3db15ee4

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks