General

  • Target

    8021296148.zip

  • Size

    161KB

  • Sample

    220922-hgmg7aada6

  • MD5

    aa583da019a324ad19d33bbb7aae4d71

  • SHA1

    0ea29c314e63b1e48ae57dde580ab95601f566d0

  • SHA256

    da13f5b20d545da69afface62446552d3ca66b9bca79cbecd289a0046116a3f7

  • SHA512

    6671eeb8b3f7bc57da9580b1e738c0339c19f52dac15fb10851a040c964bed1a02752d280ac3c2b349ed4aea2b69d46951714e8bc56857ce40cac992b1ab63c3

Malware Config

Extracted

  • Family

    dridex

  • Botnet

    22201

  • C2

    195.154.146.84:443

    45.56.121.87:8116

    157.245.222.44:5723

  • rc4.plain

Targets

    • Target

      975dc7061e68f49f1076380ab533d07414a4c4de75ce8ba12c769881c5f619c5

    • Size

      244KB

    • MD5

      4500ca23b2d000eabda4796a08625d70

    • SHA1

      50f9189d0213b6949e113d948b0f293933f85ba4

    • SHA256

      975dc7061e68f49f1076380ab533d07414a4c4de75ce8ba12c769881c5f619c5

    • SHA512

      975f178dcce898a13c8eac97c99280ad9e2b2964df04017120b55cc5b705b6a6417109f8a137006912001bde90b53d17630106c40751ae713df7fc08ef50f738

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation