General

  • Target

    c495364bed22f32f4ec516a41d2f218fe164e814ee1d97d28b52dd19b1db9dbd

  • Size

    158KB

  • Sample

    210629-bpwkps8bb2

  • MD5

    e2724936248d11a49e9aa46df7e30252

  • SHA1

    743a5379bca09b4e0030ebbcc5eee28ff554c731

  • SHA256

    c495364bed22f32f4ec516a41d2f218fe164e814ee1d97d28b52dd19b1db9dbd

  • SHA512

    8d7f75cc336db624d09b9117e694db69edb00f6406eed89d8d1141017f91ce85d12c642095da626d38b6f57942644356175f97e8c96caf27a5c673f578322a56

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      c495364bed22f32f4ec516a41d2f218fe164e814ee1d97d28b52dd19b1db9dbd

    • Size

      158KB

    • MD5

      e2724936248d11a49e9aa46df7e30252

    • SHA1

      743a5379bca09b4e0030ebbcc5eee28ff554c731

    • SHA256

      c495364bed22f32f4ec516a41d2f218fe164e814ee1d97d28b52dd19b1db9dbd

    • SHA512

      8d7f75cc336db624d09b9117e694db69edb00f6406eed89d8d1141017f91ce85d12c642095da626d38b6f57942644356175f97e8c96caf27a5c673f578322a56

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks