General

  • Target

    e9ed72ccc2119338e9049aa88fd139294dc583c9350d123c3c7bbaa69abd1487

  • Size

    162KB

  • Sample

    210629-bypyfnrht6

  • MD5

    c9e1775773c5f95498a95d72304380b0

  • SHA1

    373d02bae4778e83a76519e0942f8027bcd292ec

  • SHA256

    e9ed72ccc2119338e9049aa88fd139294dc583c9350d123c3c7bbaa69abd1487

  • SHA512

    f0661f9c4b347e51b4ec877c6ffdccd48b47555df9ab2acc7eda28a0bea097dd7c3dafc87ba1cc1f1f44af98c0dd11e85c7353933a57d3a4bce737f99e01932b

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks