dridex | 5131bf56f09da0591e562c0265bbea8e795ab741bf1f1c1a25d25ab5241718aa | Triage

Sharing

General

Target

9ffa02b7adb43904963188d837ff88b2_JaffaCakes118
Size

184KB
Sample

241126-fq5n1swkft
MD5

9ffa02b7adb43904963188d837ff88b2
SHA1

3dc5d8b41f6f29d8c86f979dc12d136e1fbf7ecb
SHA256

5131bf56f09da0591e562c0265bbea8e795ab741bf1f1c1a25d25ab5241718aa
SHA512

13256b619dcbb16865506cf65f41821eeb193c0ac6a0fac6a30d12132b6c464d91df46d918bcdf1e3865b7e23f25756aee7bb4a248ea6e97a3bbe18969886e86
SSDEEP

3072:vDHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMF1svQ:TMhP1cq7/16CT9jnR1Vz7iI

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

137.74.112.43:443

216.108.227.55:6225

94.177.176.51:5723

rc4.plain

rc4.plain

Targets

- Target
  
  9ffa02b7adb43904963188d837ff88b2_JaffaCakes118
- Size
  
  184KB
- MD5
  
  9ffa02b7adb43904963188d837ff88b2
- SHA1
  
  3dc5d8b41f6f29d8c86f979dc12d136e1fbf7ecb
- SHA256
  
  5131bf56f09da0591e562c0265bbea8e795ab741bf1f1c1a25d25ab5241718aa
- SHA512
  
  13256b619dcbb16865506cf65f41821eeb193c0ac6a0fac6a30d12132b6c464d91df46d918bcdf1e3865b7e23f25756aee7bb4a248ea6e97a3bbe18969886e86
- SSDEEP
  
  3072:vDHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMF1svQ:TMhP1cq7/16CT9jnR1Vz7iI
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader