dridex | cc567a505e3e4df6bdb9fc30e00ef41006a7d22159f7cadc99d291507d7dcc68 | Triage

Sharing

General

Target

e92af5313a84ead5d5a42e167974c070N
Size

179KB
Sample

240910-zezheawame
MD5

e92af5313a84ead5d5a42e167974c070
SHA1

6ec334edc70f7fded9451b7cb82bb9b027137f92
SHA256

cc567a505e3e4df6bdb9fc30e00ef41006a7d22159f7cadc99d291507d7dcc68
SHA512

ede283bd83b814a2c7bbbb741eecaf3b1f845fcdcb040641e5477b764d0cde71e32956290f816ccb241fb4d2c2fc96d5d5945bf5067bffadf24b7f54d186ba82
SSDEEP

3072:MuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJG:AzWxkOP4p2EesvcDi6DOHPJF

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  e92af5313a84ead5d5a42e167974c070N
- Size
  
  179KB
- MD5
  
  e92af5313a84ead5d5a42e167974c070
- SHA1
  
  6ec334edc70f7fded9451b7cb82bb9b027137f92
- SHA256
  
  cc567a505e3e4df6bdb9fc30e00ef41006a7d22159f7cadc99d291507d7dcc68
- SHA512
  
  ede283bd83b814a2c7bbbb741eecaf3b1f845fcdcb040641e5477b764d0cde71e32956290f816ccb241fb4d2c2fc96d5d5945bf5067bffadf24b7f54d186ba82
- SSDEEP
  
  3072:MuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJG:AzWxkOP4p2EesvcDi6DOHPJF
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader