dridex | 2ff9e0b3b87d13f863c80535ce5ef01503419ff208f6845c354074944121b51d | Triage

Sharing

General

Target

8f32e744bb08562fa7908945a94cc7ed_JaffaCakes118
Size

184KB
Sample

241104-e9efhawqal
MD5

8f32e744bb08562fa7908945a94cc7ed
SHA1

b748d7e9607d4bcb99ed549978c86b516f99202b
SHA256

2ff9e0b3b87d13f863c80535ce5ef01503419ff208f6845c354074944121b51d
SHA512

fb5603c923ed2abe2e4619768bb31f18db997fa4cd93f18a3b34fff80629a3cc1305b198c9d354a559c46ab0ab0498373a4b27303b9cafdcae2b126a2e8b3969
SSDEEP

3072:6DHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFRsvQ:SMhP1cq7/16CT9jnR1Vz7is

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

137.74.112.43:443

216.108.227.55:6225

94.177.176.51:5723

rc4.plain

rc4.plain

Targets

- Target
  
  8f32e744bb08562fa7908945a94cc7ed_JaffaCakes118
- Size
  
  184KB
- MD5
  
  8f32e744bb08562fa7908945a94cc7ed
- SHA1
  
  b748d7e9607d4bcb99ed549978c86b516f99202b
- SHA256
  
  2ff9e0b3b87d13f863c80535ce5ef01503419ff208f6845c354074944121b51d
- SHA512
  
  fb5603c923ed2abe2e4619768bb31f18db997fa4cd93f18a3b34fff80629a3cc1305b198c9d354a559c46ab0ab0498373a4b27303b9cafdcae2b126a2e8b3969
- SSDEEP
  
  3072:6DHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFRsvQ:SMhP1cq7/16CT9jnR1Vz7is
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader