General

  • Target

    YxmLURonkkklgbtq.bin

  • Size

    512KB

  • Sample

    220626-g3mveabge2

  • MD5

    aa0ffec1cd9b4482262af7a9627dea44

  • SHA1

    6fb4d8a51447e03cd7b3c5fc325fe255d32c6d03

  • SHA256

    8cd9c1725c59139cafb22e210d4cbd0e6d78c2d5ed5cddda30b173dc85950d9e

  • SHA512

    83f0ee18b7e44104f12f8ee6bcb70e7256304187b0cc5d64ea974fcf8b7739c96bf6bc17e02a04f3a87b02bde8edec23f0b8d23433fc9be236b953f27c9ea222

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

51.159.52.196:443

134.209.247.135:6602

194.233.68.48:5228

89.31.56.58:593

rc4.plain
rc4.plain

Targets

    • Target

      YxmLURonkkklgbtq.bin


    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 variants, in memory.

MITRE ATT&CK Matrix

Tasks