dridex | 3d4f216a58e4aec5ceccbb022b465802346193390a671cb493d9181e22cf3ab3 | Triage

Sharing

General

Target

JaffaCakes118_3d4f216a58e4aec5ceccbb022b465802346193390a671cb493d9181e22cf3ab3
Size

162KB
Sample

241221-ypys7aylbk
MD5

703be9e2b532b34cfb22e92d1d198f81
SHA1

325926b56e156fdace30d88dc389abff90aab04a
SHA256

3d4f216a58e4aec5ceccbb022b465802346193390a671cb493d9181e22cf3ab3
SHA512

0ca7976f5fd0fb022dcb3a2879dfaf827566006997d88a7337124c459f4b5092bc32452e53ede85720027c4605321af330155435e283a6e61350af618b02eb2a
SSDEEP

3072:4esl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLG5:S4+VZQpt5hyPsa1ekiEF5

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

203.114.109.124:443

82.165.145.100:6601

94.177.255.18:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_3d4f216a58e4aec5ceccbb022b465802346193390a671cb493d9181e22cf3ab3
- Size
  
  162KB
- MD5
  
  703be9e2b532b34cfb22e92d1d198f81
- SHA1
  
  325926b56e156fdace30d88dc389abff90aab04a
- SHA256
  
  3d4f216a58e4aec5ceccbb022b465802346193390a671cb493d9181e22cf3ab3
- SHA512
  
  0ca7976f5fd0fb022dcb3a2879dfaf827566006997d88a7337124c459f4b5092bc32452e53ede85720027c4605321af330155435e283a6e61350af618b02eb2a
- SSDEEP
  
  3072:4esl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLG5:S4+VZQpt5hyPsa1ekiEF5
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader