dridex | 082d03afbb8bcc11a0bbf84a3747473cb72ecc7a0705e28514ceca08c90834ed | Triage

Sharing

General

Target

0632b21fb01b774106c1c9e89534fa23_JaffaCakes118
Size

184KB
Sample

241001-rsy5sstgkm
MD5

0632b21fb01b774106c1c9e89534fa23
SHA1

408fa883505b297d9604f973814cae2ff7bc221b
SHA256

082d03afbb8bcc11a0bbf84a3747473cb72ecc7a0705e28514ceca08c90834ed
SHA512

b8eda191d649154931bb85809dc2dc4a6b0349074c17bb30ed97a043c17d7e81b74056725cd50c5d8cd6f676c9d8446ce87dfe7996574ca2d7fec0d852b9fd2f
SSDEEP

3072:sDHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFfsvQ:wMhP1cq7/16CT9jnR1Vz7ia

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

137.74.112.43:443

216.108.227.55:6225

94.177.176.51:5723

rc4.plain

rc4.plain

Targets

- Target
  
  0632b21fb01b774106c1c9e89534fa23_JaffaCakes118
- Size
  
  184KB
- MD5
  
  0632b21fb01b774106c1c9e89534fa23
- SHA1
  
  408fa883505b297d9604f973814cae2ff7bc221b
- SHA256
  
  082d03afbb8bcc11a0bbf84a3747473cb72ecc7a0705e28514ceca08c90834ed
- SHA512
  
  b8eda191d649154931bb85809dc2dc4a6b0349074c17bb30ed97a043c17d7e81b74056725cd50c5d8cd6f676c9d8446ce87dfe7996574ca2d7fec0d852b9fd2f
- SSDEEP
  
  3072:sDHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFfsvQ:wMhP1cq7/16CT9jnR1Vz7ia
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader