General

  • Target

    2725e7a4aa370f4cd2f032a8d9a4c9d796ff5c162d6f4741ce6f7c10de90cd37

  • Size

    158KB

  • Sample

    210629-t3xyda5mfs

  • MD5

    7c6836cf5819faf94b379c3aeb4aad33

  • SHA1

    badb70a6a6d2cdc48d624be154d7e8e81d4e144b

  • SHA256

    2725e7a4aa370f4cd2f032a8d9a4c9d796ff5c162d6f4741ce6f7c10de90cd37

  • SHA512

    028b657d83bb5722f48e092d4f8311b283bd43346461ab055a1e7316ecab396f0dd060d0165acabbb949be1fd447955bde0b92e3d6dfb2deb8aed376bf399a19

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      2725e7a4aa370f4cd2f032a8d9a4c9d796ff5c162d6f4741ce6f7c10de90cd37

    • Size

      158KB

    • MD5

      7c6836cf5819faf94b379c3aeb4aad33

    • SHA1

      badb70a6a6d2cdc48d624be154d7e8e81d4e144b

    • SHA256

      2725e7a4aa370f4cd2f032a8d9a4c9d796ff5c162d6f4741ce6f7c10de90cd37

    • SHA512

      028b657d83bb5722f48e092d4f8311b283bd43346461ab055a1e7316ecab396f0dd060d0165acabbb949be1fd447955bde0b92e3d6dfb2deb8aed376bf399a19

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks