0e5fe8af64b1c5ead75e629b8afd34c0

General
Target

0e5fe8af64b1c5ead75e629b8afd34c0

Size

660KB

Sample

210722-314eqs6k4a

Score
10 /10
MD5

0e5fe8af64b1c5ead75e629b8afd34c0

SHA1

3f37deb279e3ad45dd7c5c6a8656bbc07cd8157c

SHA256

6ca95953e88828830e9cdecb6f56a1139d7678b3d2bf2c2e32c27ee01cece84e

SHA512

1e5dc477905df85320e06de37900763d276f11d131d818940588f5d65116d1c5c132d56630a3ae7e13df7dc351485d1833178c0c6d154b4b96f2f0d5bc591500

Malware Config

Extracted

Family dridex
Botnet 22201
C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain
rc4.plain
Targets
Target

0e5fe8af64b1c5ead75e629b8afd34c0

MD5

0e5fe8af64b1c5ead75e629b8afd34c0

Filesize

660KB

Score
10 /10
SHA1

3f37deb279e3ad45dd7c5c6a8656bbc07cd8157c

SHA256

6ca95953e88828830e9cdecb6f56a1139d7678b3d2bf2c2e32c27ee01cece84e

SHA512

1e5dc477905df85320e06de37900763d276f11d131d818940588f5d65116d1c5c132d56630a3ae7e13df7dc351485d1833178c0c6d154b4b96f2f0d5bc591500

Tags

Signatures

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    Tags

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Tags

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks