dridex | 049a46590281b36139e59e857ba09f5423f4ca663f843b68d9ced03816cef1dc | Triage

Sharing

General

Target

ae5324c16fc7f4e87e1f45c9b95e2950N.exe
Size

184KB
Sample

240816-dxysyaserd
MD5

ae5324c16fc7f4e87e1f45c9b95e2950
SHA1

91c6f456bbfb00f2ec4a91c80d91858027db5df3
SHA256

049a46590281b36139e59e857ba09f5423f4ca663f843b68d9ced03816cef1dc
SHA512

e3db818d7bca3c0100971f76d58df915ac4561f6f8ae915e8a4aa40b9aed4cf65f3c2a446368ebd82aa471149f264588ea6e95cd49b90e998f80ef411efad34b
SSDEEP

3072:8iLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaojlzoxss7:8iLVCIT4WK2z1W+CUHZj4Skq/eao5oC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  ae5324c16fc7f4e87e1f45c9b95e2950N.exe
- Size
  
  184KB
- MD5
  
  ae5324c16fc7f4e87e1f45c9b95e2950
- SHA1
  
  91c6f456bbfb00f2ec4a91c80d91858027db5df3
- SHA256
  
  049a46590281b36139e59e857ba09f5423f4ca663f843b68d9ced03816cef1dc
- SHA512
  
  e3db818d7bca3c0100971f76d58df915ac4561f6f8ae915e8a4aa40b9aed4cf65f3c2a446368ebd82aa471149f264588ea6e95cd49b90e998f80ef411efad34b
- SSDEEP
  
  3072:8iLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaojlzoxss7:8iLVCIT4WK2z1W+CUHZj4Skq/eao5oC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader