General

  • Target

    04470492cdf836e1573c96a08b5a77975e3154eae50090932aa3b6405eeb4765.dll

  • Size

    158KB

  • Sample

    230316-rwzwhade7x

  • MD5

    6c3918f69235c7fef8e48d04106c93a0

  • SHA1

    5d1807e6ddf88e1ccea39230c8ad7e8c10cc689e

  • SHA256

    04470492cdf836e1573c96a08b5a77975e3154eae50090932aa3b6405eeb4765

  • SHA512

    afa9ffb594b8a3e1e1674c9ce8d712ba867918b8fc4975a241f2ba760313422efebc0644dc1ee0d0cc2b42f017e76297da2dba7c2f04ca979edbafb64a5325a1

  • SSDEEP

    3072:0A6cVUieJXfe5aL7FBMOJr7uC3IDaAunyw654/Q2uZAlDO:03J256FBMO93IuAiywi4Y2Z

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain
rc4.plain

Targets

    • Target

      04470492cdf836e1573c96a08b5a77975e3154eae50090932aa3b6405eeb4765.dll

    • Size

      158KB

    • MD5

      6c3918f69235c7fef8e48d04106c93a0

    • SHA1

      5d1807e6ddf88e1ccea39230c8ad7e8c10cc689e

    • SHA256

      04470492cdf836e1573c96a08b5a77975e3154eae50090932aa3b6405eeb4765

    • SHA512

      afa9ffb594b8a3e1e1674c9ce8d712ba867918b8fc4975a241f2ba760313422efebc0644dc1ee0d0cc2b42f017e76297da2dba7c2f04ca979edbafb64a5325a1

    • SSDEEP

      3072:0A6cVUieJXfe5aL7FBMOJr7uC3IDaAunyw654/Q2uZAlDO:03J256FBMO93IuAiywi4Y2Z

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks