General

  • Target

    c9d5fafdb8b7c0da27cd5c6e29d44bfaf6a83bae51f93e681e3e2688662e3a4b

  • Size

    162KB

  • Sample

    210629-vgzjl6yd86

  • MD5

    3f8b97740bc7f7c57d481baa06e992c3

  • SHA1

    1cf9f09a6581f9b67f9cc7b2d2999a300232deef

  • SHA256

    c9d5fafdb8b7c0da27cd5c6e29d44bfaf6a83bae51f93e681e3e2688662e3a4b

  • SHA512

    00f05510b4e34f7cd80c8cbe4d3b6c8d696dd0152a36f417efb4c36b0d515f7619257e4618380253664005587f6f803bfe0cbc672c90106f330aba6835d14e9a

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain
rc4.plain

Targets

    • Target

      c9d5fafdb8b7c0da27cd5c6e29d44bfaf6a83bae51f93e681e3e2688662e3a4b

    • Size

      162KB

    • MD5

      3f8b97740bc7f7c57d481baa06e992c3

    • SHA1

      1cf9f09a6581f9b67f9cc7b2d2999a300232deef

    • SHA256

      c9d5fafdb8b7c0da27cd5c6e29d44bfaf6a83bae51f93e681e3e2688662e3a4b

    • SHA512

      00f05510b4e34f7cd80c8cbe4d3b6c8d696dd0152a36f417efb4c36b0d515f7619257e4618380253664005587f6f803bfe0cbc672c90106f330aba6835d14e9a

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks