General

  • Target

    e3c4f823a1d0f942cdcf224f963ee1179c3f793e65275fc50a901478ce20da11

  • Size

    162KB

  • Sample

    210629-x6rcb6qzqs

  • MD5

    de947f43c48595615405fbf480f69c83

  • SHA1

    e2f3e212cfe3b445f39f3f2c7a0584e8fd012baf

  • SHA256

    e3c4f823a1d0f942cdcf224f963ee1179c3f793e65275fc50a901478ce20da11

  • SHA512

    32d19e940e4de26dd0445b28d7ffcb04674679bfb0714e7c4f275d46f64300da252014e457c074c58823bd32589096201e012335972b7e82b80ed33a0a10add7

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    40112

  • C2

    107.172.227.10:443

    172.93.133.123:2303

    108.168.61.147:8172

  • rc4.plain

Targets

    • Target

      e3c4f823a1d0f942cdcf224f963ee1179c3f793e65275fc50a901478ce20da11

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks