dridex | 9cfbf647939dbf43ee77d4dd8d897dfdf3667284ee01783e31f67047f6cada68 | Triage

Sharing

General

Target

9cfbf647939dbf43ee77d4dd8d897dfdf3667284ee01783e31f67047f6cada68
Size

665KB
Sample

240912-ahrjja1dmf
MD5

1967e91ca658d86d3b3592cc557927db
SHA1

86d3590805065ab7a48145f471acc079c5e78eb5
SHA256

9cfbf647939dbf43ee77d4dd8d897dfdf3667284ee01783e31f67047f6cada68
SHA512

a42e0f825965aca2cbf6f82d46dd2f6bda3dbc93d32bd84429318570961f2dff77824e8e09f6085cc94ef0457448edab55398dd90ed39219b4c28109cc82842e
SSDEEP

12288:5SOP47es0e6yHPJDk726F6Vn2yQlNyM/OwGS80L2:5BQes0e6yHjH

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  9cfbf647939dbf43ee77d4dd8d897dfdf3667284ee01783e31f67047f6cada68
- Size
  
  665KB
- MD5
  
  1967e91ca658d86d3b3592cc557927db
- SHA1
  
  86d3590805065ab7a48145f471acc079c5e78eb5
- SHA256
  
  9cfbf647939dbf43ee77d4dd8d897dfdf3667284ee01783e31f67047f6cada68
- SHA512
  
  a42e0f825965aca2cbf6f82d46dd2f6bda3dbc93d32bd84429318570961f2dff77824e8e09f6085cc94ef0457448edab55398dd90ed39219b4c28109cc82842e
- SSDEEP
  
  12288:5SOP47es0e6yHPJDk726F6Vn2yQlNyM/OwGS80L2:5BQes0e6yHjH
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader