General

  • Target

    dlls.zip

  • Size

    370KB

  • Sample

    211021-vl57babdfq

  • MD5

    00a4abc40893835e10c613a3445b6c3e

  • SHA1

    d3fd306632e129dbc8f0700e0d4a370af767f788

  • SHA256

    7971753826c00e8e009154c86e228c2f15fc58a843bdc8e440ed40ae9e44252d

  • SHA512

    5fa8edb9f9b1ed9b81f5b28409f89cdbd469898f72febada8b0eaead5b594722c98bd6ab9a83624b414af3e9d5e01ea710301167f234bb5cc5e4cdbc959bbcd9

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

212.237.17.99:443

176.28.17.160:6602

51.254.140.238:8333

rc4.plain
rc4.plain
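The config above gives the three things an analyst actually acts on: the family, the botnet ID and the C2 endpoints. The script below is an added example (not part of the sandbox report and not Dridex code) that turns those values, plus the SHA256 hashes from the Targets section, into hunting artifacts: it validates the `ip:port` entries, emits one Suricata rule per endpoint, matches a constructed set of firewall log lines against the C2 set, and maps a file's SHA256 back to the report's target names. The log lines, the local rule `sid` range and the rule message text are assumptions for the example.

```python
"""Turn the extracted Dridex config and sample hashes into hunting artifacts.

Added example for this report; log lines and rule details are constructed.
"""
import hashlib
import ipaddress
import re

# Copied from the report's "Malware Config" and "Targets" sections.
FAMILY = "dridex"
BOTNET = "22201"
C2_RAW = ["212.237.17.99:443", "176.28.17.160:6602", "51.254.140.238:8333"]
KNOWN_SHA256 = {
    "7971753826c00e8e009154c86e228c2f15fc58a843bdc8e440ed40ae9e44252d": "dlls.zip",
    "12627600a70bff6a42e8319f71a2221338ff54332afbf6ae28f130f2cfde630b": "0_WPDSp.dll",
    "9a28abb1d55dfef5eb71317b95445442f2c7b8e094e0480ecb8a0e0c13274934": "4_aepdu.dll",
    "adbd74fa44708c118685b0798bc9e27e0fd50d027a22bbf6328da02875cb18de": "8_hp8500at.dll",
}


def parse_c2(entries):
    """Parse 'ip:port' strings into a set of (ip, port).

    Malformed entries raise instead of silently producing a rule that
    matches nothing.
    """
    c2 = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on garbage
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port in C2 entry: {entry!r}")
        c2.add((str(ip), port))
    return c2


def suricata_rules(c2, botnet, sid_base=9000001):
    """One Suricata rule per endpoint.

    Dridex C2 traffic is TLS-wrapped, so the exact ip:port pair is the cheap
    network signal. sid_base is an arbitrary local-rule range (assumption).
    """
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{FAMILY} botnet {botnet} C2 {ip}:{port}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


# Constructed firewall log lines (not from the report): two hosts reach C2
# endpoints, one reaches a C2 IP on a port not in the config, one is benign.
LOG_LINES = [
    "2021-10-21T14:02:11Z fw allow tcp src=10.0.0.5:51234 dst=212.237.17.99:443",
    "2021-10-21T14:02:13Z fw allow tcp src=10.0.0.5:51235 dst=93.184.216.34:443",
    "2021-10-21T14:02:20Z fw deny tcp src=10.0.0.7:49811 dst=51.254.140.238:8333",
    "2021-10-21T14:03:01Z fw allow tcp src=10.0.0.9:60010 dst=176.28.17.160:80",
]
LOG_RE = re.compile(r"src=([\d.]+):(\d+) dst=([\d.]+):(\d+)")


def find_c2_hits(lines, c2):
    """Return (source_ip, (dst_ip, dst_port)) for every flow to a configured C2.

    Matching is on the exact ip:port pair, so the 176.28.17.160:80 flow above
    is deliberately not reported.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst = (m.group(3), int(m.group(4)))
        if dst in c2:
            hits.append((m.group(1), dst))
    return hits


def identify_sample(data):
    """Map file bytes to the report's target name by SHA256, or None if unknown."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    print("\n".join(suricata_rules(c2, BOTNET)))
    for src, dst in find_c2_hits(LOG_LINES, c2):
        print(f"{src} -> {dst[0]}:{dst[1]}  ({FAMILY} botnet {BOTNET})")
```

Two caveats a practitioner should keep in mind: Dridex C2 addresses rotate, so rules derived from a single sample's config have a short shelf life and should be tagged with the botnet ID and date; and because the first endpoint listens on 443, the rule must key on the destination IP rather than the port, or it will fire on ordinary HTTPS traffic.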

Targets

    • Target

      0_WPDSp.dll

    • Size

      180KB

    • MD5

      8bbac1f6e64537bd91f903994912dc96

    • SHA1

      9099279d268d3b3ded00bcc5294b8df79b7a6abe

    • SHA256

      12627600a70bff6a42e8319f71a2221338ff54332afbf6ae28f130f2cfde630b

    • SHA512

      4684a015de4a1bc2852000624adbd3243db72d3d544636c1713a475a71bc407707a8a6509fa956b5dc5bd071ca7e09ee33f4cde48baf62ff5d0ecb2725fb4b8f

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Target

      4_aepdu.dll

    • Size

      180KB

    • MD5

      339008271ae6018ecaa401fb76bb1db0

    • SHA1

      c78c07b6476897489c5c5c40fafa0c5657ff9d61

    • SHA256

      9a28abb1d55dfef5eb71317b95445442f2c7b8e094e0480ecb8a0e0c13274934

    • SHA512

      821f4354446c889d377b9b3c523f2be8ea3ddd6b1f4b6d9c161a5057847ed353d3a9298bdd0e14bcd7b1966a65078d2a7a639b0a9ac1b1c84ec0a4fa60456de3

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Target

      8_hp8500at.dll

    • Size

      180KB

    • MD5

      f8c801f32b822d210bbb788407ed29cf

    • SHA1

      bc6b2888442a55b42d4aadf563a7383cafe20de5

    • SHA256

      adbd74fa44708c118685b0798bc9e27e0fd50d027a22bbf6328da02875cb18de

    • SHA512

      e5b03e1638ab04fb014683848fd4f4fb417e371b6c182c07e7f9c9589f5c95f774e8d47ad2411c71f1b9027598f10fd4c405539ef1e026953f1a3e9c5612e72f

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

MITRE ATT&CK Matrix

Tasks