General

  • Target

    3f5193587a16d5010644975e679059aea988f5325f026beef554ae7bbd0032ac

  • Size

    162KB

  • Sample

    210629-9ydr61ckbj

  • MD5

    f45e5685979aee811129cf13e4b80be8

  • SHA1

    c9fce59e36b7037e1bd93476641647f8e9a22d7b

  • SHA256

    3f5193587a16d5010644975e679059aea988f5325f026beef554ae7bbd0032ac

  • SHA512

    439fe92aaf0f4d31650fbf18d706393907513622e4ce2bc13c3a751936a5af0a9df28e162cde26d3085bfda131acb164f1e797a7b8c2caeaa79e9c3680c86e66

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks