dridex | 4ec96d973445b35ef616d8eb4b042d8207c734492cbfd32008d4a971d707c225 | Triage

Sharing

General

Target

61a2e40b1e9347830249e4fa73e1ff11_JaffaCakes118
Size

184KB
Sample

241020-lzh49stgrm
MD5

61a2e40b1e9347830249e4fa73e1ff11
SHA1

3105f73c01a1cc000637a78defc2b6e797f09920
SHA256

4ec96d973445b35ef616d8eb4b042d8207c734492cbfd32008d4a971d707c225
SHA512

b2fb831d80c2f3626bebd1e6536b2c94302034151667f617b67e80639c4858615f01d87f67dfb9bee94895027b3bbc2a198a2ffecf1f6fa20e71f5d9bdc5b83c
SSDEEP

3072:+DHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFvsvQ:uMhP1cq7/16CT9jnR1Vz7iK

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

137.74.112.43:443

216.108.227.55:6225

94.177.176.51:5723

rc4.plain

rc4.plain

Targets

- Target
  
  61a2e40b1e9347830249e4fa73e1ff11_JaffaCakes118
- Size
  
  184KB
- MD5
  
  61a2e40b1e9347830249e4fa73e1ff11
- SHA1
  
  3105f73c01a1cc000637a78defc2b6e797f09920
- SHA256
  
  4ec96d973445b35ef616d8eb4b042d8207c734492cbfd32008d4a971d707c225
- SHA512
  
  b2fb831d80c2f3626bebd1e6536b2c94302034151667f617b67e80639c4858615f01d87f67dfb9bee94895027b3bbc2a198a2ffecf1f6fa20e71f5d9bdc5b83c
- SSDEEP
  
  3072:+DHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFvsvQ:uMhP1cq7/16CT9jnR1Vz7iK
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader