dridex | c85b8803ce450f24ceb194c5989a902db2ab0571ff6cd7a49a31ba311d894f7c | Triage

Sharing

General

Target

a9efaa71d389536c5df61fc6b6f110a0N.exe
Size

188KB
Sample

240820-n6lj3svarl
MD5

a9efaa71d389536c5df61fc6b6f110a0
SHA1

2ec1ff0e99203c24afc3d453eef53baea8a1ae42
SHA256

c85b8803ce450f24ceb194c5989a902db2ab0571ff6cd7a49a31ba311d894f7c
SHA512

721d02896886a55d5cf910a1fcbc0a3b7d4aeb1c2189993f4c94fceedc46109fd3881a897cdb1282d544250fb5ac53319c7460053aeed58a5fa81a9b31b28e92
SSDEEP

3072:LhYiCQXKgH7xFjsDlyk+AZ6cGdgwQDDu15/aE8tggrkVCuLnT:d7xFGlyfAZ5DDuLyqzT

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

134.209.182.12:443

188.40.100.254:4664

103.109.247.9:10443

rc4.plain

rc4.plain

Targets

- Target
  
  a9efaa71d389536c5df61fc6b6f110a0N.exe
- Size
  
  188KB
- MD5
  
  a9efaa71d389536c5df61fc6b6f110a0
- SHA1
  
  2ec1ff0e99203c24afc3d453eef53baea8a1ae42
- SHA256
  
  c85b8803ce450f24ceb194c5989a902db2ab0571ff6cd7a49a31ba311d894f7c
- SHA512
  
  721d02896886a55d5cf910a1fcbc0a3b7d4aeb1c2189993f4c94fceedc46109fd3881a897cdb1282d544250fb5ac53319c7460053aeed58a5fa81a9b31b28e92
- SSDEEP
  
  3072:LhYiCQXKgH7xFjsDlyk+AZ6cGdgwQDDu15/aE8tggrkVCuLnT:d7xFGlyfAZ5DDuLyqzT
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader