General

  • Target

    c7a12d4ce2499922b866f395a446a3b735bfecdd0635635247652d96e24e0962

  • Size

    162KB

  • Sample

    210629-9xqk262ry2

  • MD5

    b88e89a8ed30e1e66def641c286877bc

  • SHA1

    00487015a5427ad7e40d25644fe6aa6a01229581

  • SHA256

    c7a12d4ce2499922b866f395a446a3b735bfecdd0635635247652d96e24e0962

  • SHA512

    c6c83cc95139fc82b7f47957212f5209922a2a98b6c7be88ddfcd45c9b05869a687d37816d003edb4faeb91d2903518df89ec08338348f09809c72c8ca104101

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
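The C2 endpoints extracted above are the most immediately actionable part of this report. As an added example that is not part of the sandbox output, the Python below parses them into (ip, port) indicators, checks a few constructed Zeek-style conn.log records (not real traffic) against them, and emits Suricata rules for them. Matching on IP and port is the high-confidence path; an ip-only match is reported separately because the ports in this config are non-standard and may rotate. The sid range is a placeholder to be replaced with one from your own allocation.

```python
import ipaddress

# C2 endpoints as extracted from the Dridex config on this page (botnet 40112).
DRIDEX_40112_C2 = [
    "107.172.227.10:443",
    "172.93.133.123:2303",
    "108.168.61.147:8172",
]


def _split_endpoint(entry):
    """Split 'host:port' into (ip, port), validating the address."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"expected host:port, got {entry!r}")
    return str(ipaddress.ip_address(host)), int(port)


def parse_c2(entries):
    """Return the extracted endpoints as a set of (ip, port) indicators."""
    return {_split_endpoint(e) for e in entries}


# Constructed sample records, tab-separated like Zeek conn.log:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto. Not real traffic.
SAMPLE_CONN_LOG = """\
1624950001.1\t10.0.0.15\t49812\t107.172.227.10\t443\ttcp
1624950002.4\t10.0.0.15\t49813\t93.184.216.34\t443\ttcp
1624950003.9\t10.0.0.22\t50120\t172.93.133.123\t2303\ttcp
1624950004.2\t10.0.0.22\t50121\t108.168.61.147\t80\ttcp
1624950005.0\t10.0.0.30\t51000\t108.168.61.147\t8172\ttcp
"""


def match_connections(log_text, c2, strict_port=True):
    """Return (ts, src, dst, dport, confidence) for records reaching a known C2.

    With strict_port=True only exact ip:port matches are reported ("ip+port").
    With strict_port=False a destination IP from the config on any other port
    is also reported, labelled "ip-only", since C2 ports may change between
    configs while the host stays the same.
    """
    known_hosts = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, _sport, dst, dport, _proto = line.split("\t")
        dport = int(dport)
        if (dst, dport) in c2:
            hits.append((ts, src, dst, dport, "ip+port"))
        elif not strict_port and dst in known_hosts:
            hits.append((ts, src, dst, dport, "ip-only"))
    return hits


def suricata_rules(entries, botnet, sid_base):
    """Emit one Suricata rule per C2 endpoint, in the order of the config.

    sid_base is a placeholder: use a sid range you control in production.
    """
    rules = []
    for i, entry in enumerate(entries):
        ip, port = _split_endpoint(entry)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet {botnet} C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    indicators = parse_c2(DRIDEX_40112_C2)
    for hit in match_connections(SAMPLE_CONN_LOG, indicators, strict_port=False):
        print(hit)
    for rule in suricata_rules(DRIDEX_40112_C2, botnet="40112", sid_base=9000001):
        print(rule)
```

Feed a real conn.log through match_connections only after confirming the column order matches your Zeek field layout; the sample above uses a fixed six-column subset for brevity.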

Targets

    • Target

      c7a12d4ce2499922b866f395a446a3b735bfecdd0635635247652d96e24e0962

    • Size

      162KB

    • MD5

      b88e89a8ed30e1e66def641c286877bc

    • SHA1

      00487015a5427ad7e40d25644fe6aa6a01229581

    • SHA256

      c7a12d4ce2499922b866f395a446a3b735bfecdd0635635247652d96e24e0962

    • SHA512

      c6c83cc95139fc82b7f47957212f5209922a2a98b6c7be88ddfcd45c9b05869a687d37816d003edb4faeb91d2903518df89ec08338348f09809c72c8ca104101

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader, in both its x86 and x64 variants, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks