dridex | ad92a24126e50c24f93482893e99b7d13cdfb48331fda5d2b818ccfa0b8fec17 | Triage

Sharing

General

Target

fc5234190070e2831558a3d91d6cf1c2_JaffaCakes118
Size

768KB
Sample

240928-pwqayswemm
MD5

fc5234190070e2831558a3d91d6cf1c2
SHA1

188993c2ffd2bf3c835dc270d35b55d66d1ce245
SHA256

ad92a24126e50c24f93482893e99b7d13cdfb48331fda5d2b818ccfa0b8fec17
SHA512

1919f73ae052fcc4dd73e262ef99874aa1f149c59fbb5c1fec6c08d44107ae38bbed51424c834ead0ee4fefe92cd2f102055996a3645cecaca03c9cf62ad4bea
SSDEEP

12288:LAJfG7BG7Ihl4RoyJqTf3gZYk0mec81X8U8tnx:Ln07IY6yJqb3g41L1MU8b

Score

10^/10

dridex 10111 botnet discovery

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

185.89.158.19:443

144.217.7.207:4443

59.10.131.141:34443

rc4.plain

rc4.plain

Targets

- Target
  
  fc5234190070e2831558a3d91d6cf1c2_JaffaCakes118
- Size
  
  768KB
- MD5
  
  fc5234190070e2831558a3d91d6cf1c2
- SHA1
  
  188993c2ffd2bf3c835dc270d35b55d66d1ce245
- SHA256
  
  ad92a24126e50c24f93482893e99b7d13cdfb48331fda5d2b818ccfa0b8fec17
- SHA512
  
  1919f73ae052fcc4dd73e262ef99874aa1f149c59fbb5c1fec6c08d44107ae38bbed51424c834ead0ee4fefe92cd2f102055996a3645cecaca03c9cf62ad4bea
- SSDEEP
  
  12288:LAJfG7BG7Ihl4RoyJqTf3gZYk0mec81X8U8tnx:Ln07IY6yJqb3g41L1MU8b
Score

10^/10

dridex 10111 botnet discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscovery

behavioral2

dridex10111botnetdiscovery