General

  • Target

    7ba38d4d4115f56f3e1dfd74b91aa43ba5a62353dfcf258e9d8edde903b2fb77

  • Size

    158KB

  • Sample

    210628-nz7nlrrz36

  • MD5

    4708d65a7a7cf137e01d171bd9dc0460

  • SHA1

    15e8719b1cb2d3c4aaca43f9e7f9585e6a5e9eae

  • SHA256

    7ba38d4d4115f56f3e1dfd74b91aa43ba5a62353dfcf258e9d8edde903b2fb77

  • SHA512

    25a0239b6c8147b41089f26c4184a8df42b7974598d12cd0d4c3109fcbd6f6d11e581a5345e90c03ccee502ab6549fef69668007db0bc41ad11ae92889f3d3aa

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
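The extracted C2 endpoints and the file hashes above are the report's actionable indicators. The following is an added example, not part of the sandbox report: it loads those indicators into a small matcher and runs it over constructed Zeek conn.log rows. The log rows, the field order and the high/medium confidence labels are the example's own assumptions; only the IP:port pairs and hashes come from the report.

```python
"""Match the Dridex (botnet 40112) IOCs from the report above against
connection logs and file digests. Added example, not part of the report."""
import hashlib

# IOCs copied from the extracted config and hash list above.
C2_ENDPOINTS = {
    ("8.210.53.215", 443),
    ("72.249.22.245", 2303),
    ("188.40.137.206", 8172),
}
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}
SAMPLE_HASHES = {
    "md5": "4708d65a7a7cf137e01d171bd9dc0460",
    "sha1": "15e8719b1cb2d3c4aaca43f9e7f9585e6a5e9eae",
    "sha256": "7ba38d4d4115f56f3e1dfd74b91aa43ba5a62353dfcf258e9d8edde903b2fb77",
}

# Constructed Zeek conn.log excerpt (not real telemetry). Column order is an
# assumption for this example: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1624867200.10\tCa1b2c\t10.0.0.15\t49812\t8.210.53.215\t443\ttcp
1624867201.52\tCd3e4f\t10.0.0.15\t49813\t72.249.22.245\t2303\ttcp
1624867202.77\tCg5h6i\t10.0.0.22\t51000\t188.40.137.206\t80\ttcp
1624867203.01\tCj7k8l\t10.0.0.22\t51001\t93.184.216.34\t443\ttcp
"""


def parse_conn_log(text):
    """Yield one dict per data row of a tab-separated Zeek conn.log."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # header / comment rows carry no connection data
        parts = line.split("\t")
        if len(parts) < len(CONN_FIELDS):
            continue  # truncated row: skip rather than misalign columns
        yield dict(zip(CONN_FIELDS, parts))


def match_c2(text):
    """Return (uid, resp_h, resp_p, confidence) for rows touching a C2 IOC.

    "high"   = exact ip:port pair from the extracted config.
    "medium" = known C2 IP on some other port; the port alone is not proof,
               but traffic to a configured C2 host still deserves triage.
    """
    hits = []
    for row in parse_conn_log(text):
        ip, port = row["id.resp_h"], int(row["id.resp_p"])
        if (ip, port) in C2_ENDPOINTS:
            hits.append((row["uid"], ip, port, "high"))
        elif ip in C2_HOSTS:
            hits.append((row["uid"], ip, port, "medium"))
    return hits


def hash_match(data):
    """Digest a file's bytes and return the algorithms whose digest equals the sample's."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(alg for alg, h in digests.items() if h == SAMPLE_HASHES[alg])


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_CONN_LOG):
        print(hit)
    print(hash_match(b"not the sample"))
```

Run it against a real conn.log by reading the file into `match_c2`; the third constructed row shows why the IP-only tier exists, since it reaches a configured C2 host on a port that is not in the extracted config.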

Targets

    • Target

      7ba38d4d4115f56f3e1dfd74b91aa43ba5a62353dfcf258e9d8edde903b2fb77

    • Size

      158KB

    • MD5

      4708d65a7a7cf137e01d171bd9dc0460

    • SHA1

      15e8719b1cb2d3c4aaca43f9e7f9585e6a5e9eae

    • SHA256

      7ba38d4d4115f56f3e1dfd74b91aa43ba5a62353dfcf258e9d8edde903b2fb77

    • SHA512

      25a0239b6c8147b41089f26c4184a8df42b7974598d12cd0d4c3109fcbd6f6d11e581a5345e90c03ccee502ab6549fef69668007db0bc41ad11ae92889f3d3aa

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Checks whether UAC is enabled
