General

  • Target

    iMzLYIacjTSkkklgbtq.bin

  • Size

    512KB

  • Sample

    220626-gcl57ahafm

  • MD5

    11d52c5c4588cc43842dca09a21f1eb6

  • SHA1

    599267f47c25f6eafa52ace80dfd9fad2aa798d8

  • SHA256

    947cfb6d949f9a30f0c66d2aaabb0ccbe4cd0acf735abebc0e929e49c9fe83eb

  • SHA512

    e0cb6461c44d70c9398ae9f93d079748de13dc9122f17084c3b1a02b7d8f901259d91cfca5bb1d750e8bed74db83859e829a283223b6471163c3634a2f06bba4

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

51.159.52.196:443

134.209.247.135:6602

194.233.68.48:5228

89.31.56.58:593

rc4.plain
rc4.plain

Targets

    • Target

      iMzLYIacjTSkkklgbtq.bin

    • Size

      512KB

    • MD5

      11d52c5c4588cc43842dca09a21f1eb6

    • SHA1

      599267f47c25f6eafa52ace80dfd9fad2aa798d8

    • SHA256

      947cfb6d949f9a30f0c66d2aaabb0ccbe4cd0acf735abebc0e929e49c9fe83eb

    • SHA512

      e0cb6461c44d70c9398ae9f93d079748de13dc9122f17084c3b1a02b7d8f901259d91cfca5bb1d750e8bed74db83859e829a283223b6471163c3634a2f06bba4

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Matrix

Tasks