dridex | 31d883327033b6efb446e9416952c638152072095e6fbfab537b74bee477b6ca | Triage

Sharing

General

Target

ce85500cad88257b43d84cda7cc264fa_JaffaCakes118
Size

324KB
Sample

240906-dsxp3stepc
MD5

ce85500cad88257b43d84cda7cc264fa
SHA1

bbfb63b922408ff7a3390da07c94885145371b40
SHA256

31d883327033b6efb446e9416952c638152072095e6fbfab537b74bee477b6ca
SHA512

6db38f51eedaf5f0bc5f768edfbaa3e2833cb9ba3194c8ba269698891d5860a0bd41d391d2b9f94074b0e58814a595585903aad0b1c982669c23d4e62d3bafa6
SSDEEP

6144:bud7KJ4hF7popQTRq3va4jl6u31Ut+Ji370HnBs4NeuVCC:g7yUReva4jlNoQnBXek1

Score

10^/10

dridex 10444 botnet discovery

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

51.75.24.85:443

46.22.116.163:3074

173.249.46.113:3889

192.241.174.45:4443

rc4.plain

rc4.plain

Targets

- Target
  
  ce85500cad88257b43d84cda7cc264fa_JaffaCakes118
- Size
  
  324KB
- MD5
  
  ce85500cad88257b43d84cda7cc264fa
- SHA1
  
  bbfb63b922408ff7a3390da07c94885145371b40
- SHA256
  
  31d883327033b6efb446e9416952c638152072095e6fbfab537b74bee477b6ca
- SHA512
  
  6db38f51eedaf5f0bc5f768edfbaa3e2833cb9ba3194c8ba269698891d5860a0bd41d391d2b9f94074b0e58814a595585903aad0b1c982669c23d4e62d3bafa6
- SSDEEP
  
  6144:bud7KJ4hF7popQTRq3va4jl6u31Ut+Ji370HnBs4NeuVCC:g7yUReva4jlNoQnBXek1
Score

10^/10

dridex 10444 botnet discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscovery

behavioral2

dridex10444botnetdiscovery