General

  • Target

    fa69a902335582c418818158fdc24a0a5d74e5b1132eca95c300f45fbf12c3a8

  • Size

    162KB

  • Sample

    210628-js7g12ed12

  • MD5

    184f65d5d4bb3263d495fb1ccdccdfc2

  • SHA1

    863726a03dec8be9d0a5ba78be4f6dfe0f793522

  • SHA256

    fa69a902335582c418818158fdc24a0a5d74e5b1132eca95c300f45fbf12c3a8

  • SHA512

    2cb7c2f0a672f130ff581a4271b6c2cf423b828b9e50b840041609b2fa417da6fde54996e12d30953f93f17b859162846e839a31ec4983d8615bcc6f418444f3

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

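The rc4.plain entries above are the RC4 keys the loader uses to protect its embedded configuration (botnet ID and C2 list) and its C2 traffic. The block below is an added example, not part of this Triage report and not Dridex code: a plain RC4 implementation applied to a constructed blob that carries this report's botnet ID and C2 addresses, followed by a Suricata rule per C2. DEMO_KEY, the "botnet|ip:port|..." blob layout, the parse_config/recover_config helpers and the sid range are assumptions for illustration; the report does not disclose the sample's actual key material or its real config structure.

```python
"""RC4 config recovery and C2 rule generation for a Dridex-style loader.

Added example. The key, the blob layout and the helper names are constructed
for demonstration; none of them come from the report or from the sample.
"""
import ipaddress
from typing import Iterator, List, Tuple


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield RC4 keystream bytes: key-scheduling (KSA) then PRGA."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                                # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def parse_config(plain: bytes) -> Tuple[str, List[Tuple[str, int]]]:
    """Parse a decrypted 'botnet|ip:port|ip:port...' blob.

    This layout is an assumption for the example, not the real Dridex
    on-disk structure. A wrong key yields bytes that fail here.
    """
    fields = plain.decode("ascii").split("|")
    if len(fields) < 2:
        raise ValueError("config blob needs a botnet ID and at least one C2")
    botnet = fields[0]
    c2: List[Tuple[str, int]] = []
    for entry in fields[1:]:
        host, port = entry.rsplit(":", 1)
        ipaddress.ip_address(host)             # raises ValueError if not an IP
        port_no = int(port)
        if not 0 < port_no < 65536:
            raise ValueError(f"bad port in C2 entry {entry!r}")
        c2.append((host, port_no))
    return botnet, c2


def recover_config(key: bytes, blob: bytes) -> Tuple[str, List[Tuple[str, int]]]:
    """Decrypt an RC4-protected config blob and parse it."""
    return parse_config(rc4_crypt(key, blob))


def suricata_rules(botnet: str, c2: List[Tuple[str, int]],
                   base_sid: int = 1000001) -> List[str]:
    """One Suricata alert rule per C2 endpoint (sid range is a placeholder)."""
    return [
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"Dridex botnet {botnet} C2 contact"; sid:{base_sid + n}; rev:1;)'
        for n, (host, port) in enumerate(c2)
    ]


# Constructed demo material: the plaintext carries the values from the report
# above; the key and the resulting blob are invented for this example.
DEMO_KEY = b"constructed-demo-key"
CONFIG_PLAIN = b"40112|107.172.227.10:443|172.93.133.123:2303|108.168.61.147:8172"
DEMO_BLOB = rc4_crypt(DEMO_KEY, CONFIG_PLAIN)


if __name__ == "__main__":
    botnet_id, c2_list = recover_config(DEMO_KEY, DEMO_BLOB)
    print("botnet:", botnet_id)
    for host, port in c2_list:
        print("c2:", f"{host}:{port}")
    for rule in suricata_rules(botnet_id, c2_list):
        print(rule)
```

The RC4 core is checked against the standard "Key"/"Plaintext" test vector (keystream-independent of Dridex), and parse_config rejects output produced with the wrong key instead of returning garbage, which is the failure mode an analyst hits first when a config extractor is pointed at the wrong key.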
Targets

    • Target

      fa69a902335582c418818158fdc24a0a5d74e5b1132eca95c300f45fbf12c3a8

    • Size

      162KB

    • MD5

      184f65d5d4bb3263d495fb1ccdccdfc2

    • SHA1

      863726a03dec8be9d0a5ba78be4f6dfe0f793522

    • SHA256

      fa69a902335582c418818158fdc24a0a5d74e5b1132eca95c300f45fbf12c3a8

    • SHA512

      2cb7c2f0a672f130ff581a4271b6c2cf423b828b9e50b840041609b2fa417da6fde54996e12d30953f93f17b859162846e839a31ec4983d8615bcc6f418444f3

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks