dridex | c9d5808e3607fefa76c993ecf7eb992051aab448d67addd55aefcbb5548e95fc | Triage

Sharing

General

Target

02da56ab49f16bbb06c64e8cf2278700N.exe
Size

188KB
Sample

240819-q317gaxdlf
MD5

02da56ab49f16bbb06c64e8cf2278700
SHA1

c469e75ba3cf51e505820673d54945bd5fbed6a8
SHA256

c9d5808e3607fefa76c993ecf7eb992051aab448d67addd55aefcbb5548e95fc
SHA512

d1a57139421e5fee69403ede32aa013d113b8e87b75c4881316859cdc73095aa294a7fdb68d4501c000f5d43d047214c91a8256541a80279c8316b42efc2fc06
SSDEEP

3072:dWa3N1eqJ7cNe58per6JpynepWHVD9qMe402JYIUk9H8Iz83SWr9klSC:7xwO/Spynep6VDcMeQeIUk9cI6j5

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

134.209.182.12:443

188.40.100.254:4664

103.109.247.9:10443

rc4.plain

rc4.plain

Targets

- Target
  
  02da56ab49f16bbb06c64e8cf2278700N.exe
- Size
  
  188KB
- MD5
  
  02da56ab49f16bbb06c64e8cf2278700
- SHA1
  
  c469e75ba3cf51e505820673d54945bd5fbed6a8
- SHA256
  
  c9d5808e3607fefa76c993ecf7eb992051aab448d67addd55aefcbb5548e95fc
- SHA512
  
  d1a57139421e5fee69403ede32aa013d113b8e87b75c4881316859cdc73095aa294a7fdb68d4501c000f5d43d047214c91a8256541a80279c8316b42efc2fc06
- SSDEEP
  
  3072:dWa3N1eqJ7cNe58per6JpynepWHVD9qMe402JYIUk9H8Iz83SWr9klSC:7xwO/Spynep6VDcMeQeIUk9cI6j5
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader