dridex | b60c01e98969144fc8d3229a9d3b82de13879444d91f558ea4483547141b85a5 | Triage

Sharing

General

Target

fde6b5be428ee0956ab4ef231ed21dd7_JaffaCakes118
Size

175KB
Sample

240420-3gqvtscg94
MD5

fde6b5be428ee0956ab4ef231ed21dd7
SHA1

a223c73bdf81d1cee58b20bfaeab412c0b2a99d9
SHA256

b60c01e98969144fc8d3229a9d3b82de13879444d91f558ea4483547141b85a5
SHA512

9f5de9a37e2e61622d2d1c8e8c52d39f782c093d64feeffd5fc3b7f5a53f8258a80a274c58a4d15651c8e1c4f219a7856aa5f864b449ffc9d2c6566ad6a0209e
SSDEEP

3072:WiY5bY8XE+kkqh84cKcv4FinaLzL2rVQLOmpvNbTAv7stOr18T:JRAkkk84e4wne2nmhFAv74O

Score

10^/10

dridex 22201 botnet evasion loader trojan

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  fde6b5be428ee0956ab4ef231ed21dd7_JaffaCakes118
- Size
  
  175KB
- MD5
  
  fde6b5be428ee0956ab4ef231ed21dd7
- SHA1
  
  a223c73bdf81d1cee58b20bfaeab412c0b2a99d9
- SHA256
  
  b60c01e98969144fc8d3229a9d3b82de13879444d91f558ea4483547141b85a5
- SHA512
  
  9f5de9a37e2e61622d2d1c8e8c52d39f782c093d64feeffd5fc3b7f5a53f8258a80a274c58a4d15651c8e1c4f219a7856aa5f864b449ffc9d2c6566ad6a0209e
- SSDEEP
  
  3072:WiY5bY8XE+kkqh84cKcv4FinaLzL2rVQLOmpvNbTAv7stOr18T:JRAkkk84e4wne2nmhFAv74O
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan