General

  • Target

    4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c

  • Size

    3.0MB

  • Sample

    220625-1kz7kafcc5

  • MD5

    abf6e9892c2de2d0df9dc8a80f7dd4ca

  • SHA1

    026493fb163831a7b0678bc51d851dc722d61888

  • SHA256

    4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c

  • SHA512

    237df4beefc43d8f2c38c492f2e5223ef3782e42ee47099afeee0fa9a157649899f4533a9dc697a694a6726b55982f934a33cb1167b5255e336c89859b5f366f

Score
10/10

Malware Config

Extracted

Family

dridex

C2

23.226.225.152:443

178.128.20.11:3389

198.23.146.216:8443

206.189.112.148:691

Targets

    • Target

      4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c

    • Size

      3.0MB

    • MD5

      abf6e9892c2de2d0df9dc8a80f7dd4ca

    • SHA1

      026493fb163831a7b0678bc51d851dc722d61888

    • SHA256

      4b4d0e3e435b94705cc1d5fc24166adf2c51d5a181a0d68d4ce63ac517f2037c

    • SHA512

      237df4beefc43d8f2c38c492f2e5223ef3782e42ee47099afeee0fa9a157649899f4533a9dc697a694a6726b55982f934a33cb1167b5255e336c89859b5f366f

    Score
    10/10
    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks