General

  • Target

    xlsb_dlls.zip

  • Size

    368KB

  • Sample

    211020-szv76aabcr

  • MD5

    3895d9b1fb4d0683851cb2e447946db5

  • SHA1

    bc0ab78947a6b4d139c8c02ef4d1988bde9972bd

  • SHA256

    584535560c1edb7f31466ce2efacf0cd4ca94cb91929aaf08f22ac530071f88e

  • SHA512

    44424f9a06d3aa8a5ae869e569636ff67cb7e4a8581c586bc830cc469f3f214616d5f4bb3b441ce2d6f086aa336f6d709853ce87d77852829f569a4c9da5c333

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

155.138.203.91:443

207.180.220.242:8116

46.101.142.214:6891

rc4.plain
rc4.plain

Targets

    • Target

      5_netplwiz.dll

    • Size

      180KB

    • MD5

      766cbe3c26ced2d55252490f519ff4fa

    • SHA1

      a31074006b5aca4e681cd72fd0055bff85c584b2

    • SHA256

      b34a364fca951188246775346510738b9ac99cc01976e916b1095a6a4f97bbe3

    • SHA512

      c78114cb47d1533de96eba4c6c98534d370e46b34c188b28e2c24a073855f90557d6790b3dda6f11b00961b9be5e09126216995e3bea8be7e86b441b72526f40

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both x86 and x64 Dridex loaders in memory.

    • Target

      6_mqtrig.dll

    • Size

      180KB

    • MD5

      e9111abf76f914c5d8831d39e0fe71e5

    • SHA1

      bba7a5a184577daef489cd5b7d00851e767a5164

    • SHA256

      75adbe053b2e26da9cf6681eddf9b282e8e2c3ee20cfc60bd3ee7fab471dda9b

    • SHA512

      d4728310013f54337abc175a52b79ce8524d42b4d41106a0636bace1dbfb7904b984431c16078118e3e97c1c5ed15f5aa4dba909c32e10041352a72a478a94d2

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both x86 and x64 Dridex loaders in memory.

    • Target

      7_msdtckrm.dll

    • Size

      180KB

    • MD5

      78efcbf78180862250dda72701f2f1b1

    • SHA1

      2bdef6651de6cd9ee884149b894141c95650b6e7

    • SHA256

      972450a14781c1a1be59542e69585fa8548d2150ede9045009d1016472a34597

    • SHA512

      e54569fda2f4aafc02c5bbd00012a0a83822d85c391378302d44008b0556ac6e1ab3d90bdf3148a9ad93d20886d0893403b877b71580f8f69c849bfc65b5f022

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both x86 and x64 Dridex loaders in memory.

MITRE ATT&CK Matrix

Tasks