General

  • Target

    f1be5b36bbbbf84645d34bdaf695bffb0a7161bba9548d087598d6807830784c

  • Size

    162KB

  • Sample

    210629-7gxllm76j6

  • MD5

    0576c57af9a8f91da31ec2bbc2b94a5f

  • SHA1

    f1fc5ebf558ed834a0c66e74ccbc95410eb3e89b

  • SHA256

    f1be5b36bbbbf84645d34bdaf695bffb0a7161bba9548d087598d6807830784c

  • SHA512

    deba1208666f0fe6717e30344b3e08f6e10d10edb802221b0a9252c6aeca9373e00d8ae12fd8b7aa6199438ac9e98f7e01323978bf102ff81ebd74ee0c35984a

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      f1be5b36bbbbf84645d34bdaf695bffb0a7161bba9548d087598d6807830784c

    • Size

      162KB

    • MD5

      0576c57af9a8f91da31ec2bbc2b94a5f

    • SHA1

      f1fc5ebf558ed834a0c66e74ccbc95410eb3e89b

    • SHA256

      f1be5b36bbbbf84645d34bdaf695bffb0a7161bba9548d087598d6807830784c

    • SHA512

      deba1208666f0fe6717e30344b3e08f6e10d10edb802221b0a9252c6aeca9373e00d8ae12fd8b7aa6199438ac9e98f7e01323978bf102ff81ebd74ee0c35984a

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks