dridex | 170ff11802ca3e079cda72ba6c8f945fbe199341d03239ce7cfce8c231df5fe8 | Triage

Sharing

General

Target

170ff11802ca3e079cda72ba6c8f945fbe199341d03239ce7cfce8c231df5fe8
Size

188KB
Sample

240817-xy4v5asbka
MD5

611198049f7c82b9503264735cc34839
SHA1

ed8041f841fc09e320fb29ebb2f92adf4941cc27
SHA256

170ff11802ca3e079cda72ba6c8f945fbe199341d03239ce7cfce8c231df5fe8
SHA512

2f7262447c2a1b645b644f63f5abb6b902384568ab14a986a62f6c289e6a9efd08fe0cae680c67972bc28c5ea4141ccd6d5b402e2f13c8f9572a4802f28f89c9
SSDEEP

3072:eWa3N1eqJ7cNe58per6JpynepWHVD9qMe402JYIUk9H8Iz83SWj9klSC:yxwO/Spynep6VDcMeQeIUk9cI6b5

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

134.209.182.12:443

188.40.100.254:4664

103.109.247.9:10443

rc4.plain

rc4.plain

Targets

- Target
  
  170ff11802ca3e079cda72ba6c8f945fbe199341d03239ce7cfce8c231df5fe8
- Size
  
  188KB
- MD5
  
  611198049f7c82b9503264735cc34839
- SHA1
  
  ed8041f841fc09e320fb29ebb2f92adf4941cc27
- SHA256
  
  170ff11802ca3e079cda72ba6c8f945fbe199341d03239ce7cfce8c231df5fe8
- SHA512
  
  2f7262447c2a1b645b644f63f5abb6b902384568ab14a986a62f6c289e6a9efd08fe0cae680c67972bc28c5ea4141ccd6d5b402e2f13c8f9572a4802f28f89c9
- SSDEEP
  
  3072:eWa3N1eqJ7cNe58per6JpynepWHVD9qMe402JYIUk9H8Iz83SWj9klSC:yxwO/Spynep6VDcMeQeIUk9cI6b5
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader