General

  • Target

    8027466137.zip

  • Size

    161KB

  • Sample

    220922-g9qvmseacp

  • MD5

    54fdbe127f57cca13d5d28390df07248

  • SHA1

    2d55355f596c84f0ae6054fc57fd1295a60d6361

  • SHA256

    cf8e7d9092ffe768399139c549b410195cc361c1ca1108a7ac2b5ede3a335f8a

  • SHA512

    b097c24e9397a8faca32d6732045a569770e4784c9e459a23ab86beecd1926f1d80974485b1ad02bbe338139b99cc301ce1fbc7aa422c04f13f7e4231c917e83

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

195.154.146.84:443

45.56.121.87:8116

157.245.222.44:5723

rc4.plain

rc4.plain
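The extracted config gives three C2 endpoints pinned to specific ports, plus file hashes for the archive and the unpacked loader. The following is an added example (not code from the original sandbox report) showing how a practitioner would turn those IOCs into a detection check: it parses Zeek-style conn.log records and flags flows to the listed C2 nodes, distinguishing exact IP+port hits from lower-confidence IP-only hits, and offers a SHA256 lookup for file triage. The conn.log lines are constructed test input, not telemetry from the sample's run.

```python
"""Detection helpers for the Dridex botnet 22201 IOCs listed above.

Added example; not code from the original sandbox report. The C2 endpoints
and file hashes are the ones shown on the page. The Zeek-style conn.log
records below are constructed test input, not telemetry from the sample's run.
"""
import hashlib
import json
from typing import Dict, Iterable, Iterator, List, Optional

# Extracted C2 endpoints (IP, TCP port) for botnet 22201.
DRIDEX_C2 = {
    ("195.154.146.84", 443),
    ("45.56.121.87", 8116),
    ("157.245.222.44", 5723),
}
DRIDEX_C2_IPS = {ip for ip, _ in DRIDEX_C2}

# SHA256 of the delivery archive and of the extracted loader, from the report.
KNOWN_SHA256 = {
    "cf8e7d9092ffe768399139c549b410195cc361c1ca1108a7ac2b5ede3a335f8a": "8027466137.zip (archive)",
    "849d3eb659fc41ba57098e5e48d694f5c4389cdb7157642b47fc1b0c6d75c00b": "Dridex loader (extracted payload)",
}

# Constructed Zeek conn.log records in JSON format (not real captures).
SAMPLE_CONN_LOG = [
    '{"ts": 1663838401.1, "id.orig_h": "10.0.0.15", "id.resp_h": "195.154.146.84", "id.resp_p": 443, "proto": "tcp"}',
    '{"ts": 1663838402.3, "id.orig_h": "10.0.0.15", "id.resp_h": "45.56.121.87", "id.resp_p": 8116, "proto": "tcp"}',
    '{"ts": 1663838403.8, "id.orig_h": "10.0.0.22", "id.resp_h": "157.245.222.44", "id.resp_p": 443, "proto": "tcp"}',
    '{"ts": 1663838404.0, "id.orig_h": "10.0.0.22", "id.resp_h": "93.184.216.34", "id.resp_p": 443, "proto": "tcp"}',
    "garbage line that is not JSON",
]

REQUIRED_FIELDS = ("id.orig_h", "id.resp_h", "id.resp_p")


def parse_conn_records(lines: Iterable[str]) -> Iterator[Dict]:
    """Yield conn.log records as dicts, skipping lines that are not valid JSON
    objects or that lack the fields the matcher needs."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED_FIELDS):
            yield rec


def match_c2(records: Iterable[Dict], strict_port: bool = True) -> List[Dict]:
    """Return records whose destination matches a known C2 node.

    strict_port=True requires the exact (IP, port) pair from the config; that
    is the high-confidence rule. strict_port=False also flags any flow to a C2
    IP on another port. Dridex nodes are pinned to specific ports in the
    config, so such hits are lower confidence and are labelled "ip-only".
    """
    hits = []
    for rec in records:
        dst = (rec["id.resp_h"], int(rec["id.resp_p"]))
        if dst in DRIDEX_C2:
            confidence = "ip+port"
        elif not strict_port and dst[0] in DRIDEX_C2_IPS:
            confidence = "ip-only"
        else:
            continue
        hits.append({
            "ts": rec.get("ts"),
            "orig_h": rec["id.orig_h"],
            "resp_h": dst[0],
            "resp_p": dst[1],
            "confidence": confidence,
        })
    return hits


def identify_by_sha256(data: bytes) -> Optional[str]:
    """Label a file by SHA256 against the report's hashes (None if unknown).
    Prefer SHA256 over MD5/SHA1 when adding these to a blocklist."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    recs = list(parse_conn_records(SAMPLE_CONN_LOG))
    for hit in match_c2(recs, strict_port=False):
        print(f"{hit['orig_h']} -> {hit['resp_h']}:{hit['resp_p']} [{hit['confidence']}]")
    print(identify_by_sha256(b"not the sample"))
```

Run the strict rule for alerting and the IP-only rule for hunting: the third constructed record (a C2 IP on 443 instead of the configured 5723) is the kind of flow that deserves a look but should not page anyone on its own, since Dridex C2 hosts are often compromised legitimate servers that also serve unrelated traffic.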

Targets

    • Target

      849d3eb659fc41ba57098e5e48d694f5c4389cdb7157642b47fc1b0c6d75c00b

    • Size

      244KB

    • MD5

      527acdff5f6083b091e9361ecc9bed36

    • SHA1

      2028f4ccb2e8b95f296a3ea61d6be597303efba3

    • SHA256

      849d3eb659fc41ba57098e5e48d694f5c4389cdb7157642b47fc1b0c6d75c00b

    • SHA512

      c691c182fd6fc03ae75d602bf4c6466128e16803cbfd8d55db9f3e41c35b602fd5214db03d0fd8a8e8d7bc58cf82f97f246ff8411c763b7a8cf586b34c9d0049

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation