General

  • Target

    6c45400ed9b390db5c81a0aa139006ee

  • Size

    1.1MB

  • Sample

    240121-ea546seacr

  • MD5

    6c45400ed9b390db5c81a0aa139006ee

  • SHA1

    c830b7cb17e7e39822ae49e5737145c46301b879

  • SHA256

    39d35557819d643286bc8652520f14f53fc9f62e5f47d025ee8830be269a5b34

  • SHA512

    607e2b1722c5d092f778de00838f4bdd1f0c53c8a0544df205e04ab8bb4400b1314b656706ca3e878b2ebdaf01d9b219239977e45782f19c6ff151d8a14f796d

  • SSDEEP

    12288:ZM+ZdkmHubeaCo6TRg522A/sUQBJ86vp:ZMcpTo6a00BO2

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

176.9.89.122:10172

147.91.31.1:6225

103.30.247.115:7443

rc4.plain
rc4.plain
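The three C2 endpoints extracted above are the most directly actionable indicators in this report. The following is an added example, not part of the sandbox output, that matches them against Zeek-style conn.log records. The C2 list is copied from the config block above; the conn.log lines are constructed for illustration. Because Dridex nodes listen on non-standard ports that change between configs, a destination IP that matches without its port is still reported, at lower confidence, rather than dropped.

```python
"""Added example (not from the sandbox report): match the extracted Dridex C2
endpoints against Zeek-style conn.log records.

C2 list: taken from the report above.
conn.log: constructed sample; columns follow Zeek's default conn.log layout.
"""

from dataclasses import dataclass

# C2 endpoints exactly as listed in the report (ip:port).
C2_ENDPOINTS = [
    "176.9.89.122:10172",
    "147.91.31.1:6225",
    "103.30.247.115:7443",
]

# Constructed sample log. Tab-separated, first seven Zeek conn.log columns:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1705840001.100\tCabc1\t10.0.0.5\t49812\t176.9.89.122\t10172\ttcp
1705840002.200\tCabc2\t10.0.0.5\t49813\t93.184.216.34\t443\ttcp
1705840003.300\tCabc3\t10.0.0.7\t49900\t147.91.31.1\t443\ttcp
1705840004.400\tCabc4\t10.0.0.9\t50001\t103.30.247.115\t7443\ttcp
"""


@dataclass(frozen=True)
class Hit:
    uid: str
    orig_h: str
    resp_h: str
    resp_p: int
    confidence: str  # "high": ip and port match; "medium": ip only


def parse_c2(endpoints):
    """Map each C2 host to the set of ports seen for it in the config."""
    table = {}
    for entry in endpoints:
        host, _, port = entry.rpartition(":")  # rpartition keeps IPv6 literals intact
        table.setdefault(host, set()).add(int(port))
    return table


def scan_conn_log(log_text, endpoints=C2_ENDPOINTS):
    """Return a Hit for every flow whose responder is a known C2 host.

    An exact ip:port match is 'high'; the same host on another port is
    'medium', since the operators rotate ports across configs.
    """
    c2 = parse_c2(endpoints)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header/comment lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        uid, orig_h, resp_h, resp_p = fields[1], fields[2], fields[4], int(fields[5])
        if resp_h in c2:
            confidence = "high" if resp_p in c2[resp_h] else "medium"
            hits.append(Hit(uid, orig_h, resp_h, resp_p, confidence))
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(f"{hit.confidence:6} {hit.orig_h} -> {hit.resp_h}:{hit.resp_p} ({hit.uid})")
```

Running the block against the constructed log yields two high-confidence hits (exact ip:port matches) and one medium-confidence hit for 147.91.31.1 contacted on 443 instead of the configured 6225. In a real deployment the IOC list would be fed from the sandbox's JSON export rather than hard-coded, and the medium tier is where a port change between campaigns would first show up.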

Targets

    • Target

      6c45400ed9b390db5c81a0aa139006ee

    • Size

      1.1MB

    • MD5

      6c45400ed9b390db5c81a0aa139006ee

    • SHA1

      c830b7cb17e7e39822ae49e5737145c46301b879

    • SHA256

      39d35557819d643286bc8652520f14f53fc9f62e5f47d025ee8830be269a5b34

    • SHA512

      607e2b1722c5d092f778de00838f4bdd1f0c53c8a0544df205e04ab8bb4400b1314b656706ca3e878b2ebdaf01d9b219239977e45782f19c6ff151d8a14f796d

    • SSDEEP

      12288:ZM+ZdkmHubeaCo6TRg522A/sUQBJ86vp:ZMcpTo6a00BO2

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online-banking credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
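The two discovery behaviours flagged above (Uninstall-key enumeration and the UAC check) are ordinary registry reads, which makes them easy to reproduce on a clean host to see exactly what the sample learns. The following is an added example and is not the sample's code; the function names are chosen here for illustration. It reads the same Uninstall hives a 32-bit process sees on 64-bit Windows (native, WOW64-redirected and per-user) and the UAC policy values under Policies\System.

```powershell
# Added example, not part of the sandbox report or the sample.
# Reproduces the two discovery behaviours listed above so a defender can see
# what the malware enumerates. Function names are illustrative.

function Get-InstalledSoftwareFromUninstallKeys {
    # All three Uninstall roots a 32-bit process can reach on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Entries without DisplayName are hidden components or patches; skip them.
            if ($props.DisplayName) {
                [pscustomobject]@{
                    DisplayName    = $props.DisplayName
                    DisplayVersion = $props.DisplayVersion
                    Publisher      = $props.Publisher
                    KeyPath        = $_.Name
                }
            }
        }
    }
}

function Get-UacStatus {
    # EnableLUA = 0 means UAC is disabled entirely.
    # ConsentPromptBehaviorAdmin = 0 means administrators elevate silently.
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        UacEnabled                 = ($p.EnableLUA -eq 1)
        SilentAdminElevation       = ($p.EnableLUA -eq 1 -and $p.ConsentPromptBehaviorAdmin -eq 0)
    }
}

# Usage: list what the sample would see, then the UAC posture it would test.
Get-InstalledSoftwareFromUninstallKeys | Sort-Object DisplayName | Format-Table -AutoSize
Get-UacStatus | Format-List
```

Plain reads of these keys leave no trace by default: Sysmon's registry events cover key creation and value writes, not queries, so catching the lookup itself requires an object-access SACL on the key (Security log Event ID 4663 with the Audit Registry subcategory enabled), which is noisy on the Uninstall hive because installers and inventory agents read it constantly. The output of Get-UacStatus is more useful as a hardening check: a host with EnableLUA set to 0, or ConsentPromptBehaviorAdmin set to 0, gives the sample the silent elevation it is probing for.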

MITRE ATT&CK Enterprise v15

Tasks