General

  • Target

    8067936122.zip

  • Size

    161KB

  • Sample

    220922-g5v9kaeabl

  • MD5

    4c2c7a7fa3adb382a1cb79857c41cbaa

  • SHA1

    0a853d5bb301dfbbcd13340f1449b7970621e528

  • SHA256

    d56ca9626b0b7984d84ee46f9b999b1e1b33a06bad2455b15663a47a271993a7

  • SHA512

    c6f4f848001444a06d7596d3b1c887b245c1b45a3bc901ec204c04cfe8b075847d64679b2e565812d4f48090a7faa86b5e336de1f9f96347322d8eba216e82f5

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

195.154.146.84:443

45.56.121.87:8116

157.245.222.44:5723

rc4.plain

Targets

    • Target

      3c4be1285b8069c2db590c1de6a77adef3198cc9c3f323aef5de73753421c2e8

    • Size

      244KB

    • MD5

      94395a29f0cf16cc80c2a1a4aee0d8d4

    • SHA1

      c40574963b019d49fae4cffcefd970edf3957826

    • SHA256

      3c4be1285b8069c2db590c1de6a77adef3198cc9c3f323aef5de73753421c2e8

    • SHA512

      ca4fbefdfd4437f01d11545a28a3d21873f417a237a2e4a7e5c10abc2d59abbe5ffcdb146144e1c7dcfb304b9d747b119c8b1f0e72ac312c0a029cf12985d9f8

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation