dridex | e62e61b8a04b127d3a75d98d3ec323813a31bf61048808229732fcd3b0adb4d7 | Triage

Sharing

General

Target

JaffaCakes118_e62e61b8a04b127d3a75d98d3ec323813a31bf61048808229732fcd3b0adb4d7
Size

163KB
Sample

241221-y2lz6aymcz
MD5

41f345b518682544c9a1a004c73154e4
SHA1

c788eed2532eff6a5b0db4611a7f20ee81550d44
SHA256

e62e61b8a04b127d3a75d98d3ec323813a31bf61048808229732fcd3b0adb4d7
SHA512

a9c22ea7fe570082715c2ece6b5c4d72ce89652b8304108e13283af2773d2f15ffe335bc05926bc1c99231463edd69a6afee80ff638b2efee384e1cd2e1eb7a7
SSDEEP

3072:8ar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:es4p+ADxnSO6D2cOp

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_e62e61b8a04b127d3a75d98d3ec323813a31bf61048808229732fcd3b0adb4d7
- Size
  
  163KB
- MD5
  
  41f345b518682544c9a1a004c73154e4
- SHA1
  
  c788eed2532eff6a5b0db4611a7f20ee81550d44
- SHA256
  
  e62e61b8a04b127d3a75d98d3ec323813a31bf61048808229732fcd3b0adb4d7
- SHA512
  
  a9c22ea7fe570082715c2ece6b5c4d72ce89652b8304108e13283af2773d2f15ffe335bc05926bc1c99231463edd69a6afee80ff638b2efee384e1cd2e1eb7a7
- SSDEEP
  
  3072:8ar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:es4p+ADxnSO6D2cOp
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader