dridex | 61e470c2e27a7f64f4b9c26ee67b209d1c3f3563d9968c39883354ba7874d1ce | Triage

Sharing

General

Target

JaffaCakes118_61e470c2e27a7f64f4b9c26ee67b209d1c3f3563d9968c39883354ba7874d1ce
Size

184KB
Sample

241221-znnr9szjav
MD5

51b1a6a82e568f0f2eb702015108e887
SHA1

eaee772e538b604cd180aacf37616cc5c571a160
SHA256

61e470c2e27a7f64f4b9c26ee67b209d1c3f3563d9968c39883354ba7874d1ce
SHA512

97fb61d495a584e7e5b05765517411c081018307d11087e7976b916bbca7d145b9049220b1a833a03ccd28263d76f1063ab851c41c92c84ee6619ea7dac4a728
SSDEEP

3072:ziLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoPlzoxss7:ziLVCIT4WK2z1W+CUHZj4Skq/eaoNoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_61e470c2e27a7f64f4b9c26ee67b209d1c3f3563d9968c39883354ba7874d1ce
- Size
  
  184KB
- MD5
  
  51b1a6a82e568f0f2eb702015108e887
- SHA1
  
  eaee772e538b604cd180aacf37616cc5c571a160
- SHA256
  
  61e470c2e27a7f64f4b9c26ee67b209d1c3f3563d9968c39883354ba7874d1ce
- SHA512
  
  97fb61d495a584e7e5b05765517411c081018307d11087e7976b916bbca7d145b9049220b1a833a03ccd28263d76f1063ab851c41c92c84ee6619ea7dac4a728
- SSDEEP
  
  3072:ziLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoPlzoxss7:ziLVCIT4WK2z1W+CUHZj4Skq/eaoNoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader