General

  • Target

    hsy_utu8_12u_v4.4.7.0.dll

  • Size

    175KB

  • Sample

    210727-5vkh2pfzes

  • MD5

    ebdfd39f4b9ab189cd32b271db4bb3ac

  • SHA1

    839ca7bf434c05541e2df56e1eab0819a5822b1d

  • SHA256

    0f52e85eae79fb03bd9b391bc9753417cd066990a41251d385f55e2c9c7b4b53

  • SHA512

    f050cf3506ba11bb06710590e050c7e18a50815d5401d065fa4c3732afae718a509dbe3cc2a14fa040f7555414f2a183eba841e63d4df8112f00fcc78842afbe

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain
rc4.plain

Targets

    • Target

      hsy_utu8_12u_v4.4.7.0.dll

    • Size

      175KB

    • MD5

      ebdfd39f4b9ab189cd32b271db4bb3ac

    • SHA1

      839ca7bf434c05541e2df56e1eab0819a5822b1d

    • SHA256

      0f52e85eae79fb03bd9b391bc9753417cd066990a41251d385f55e2c9c7b4b53

    • SHA512

      f050cf3506ba11bb06710590e050c7e18a50815d5401d065fa4c3732afae718a509dbe3cc2a14fa040f7555414f2a183eba841e63d4df8112f00fcc78842afbe

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks