dridex | a643d965a57ec3737813bab52c634f8a4b976c2118880367b9df06745880bfaa | Triage

Sharing

General

Target

JaffaCakes118_a643d965a57ec3737813bab52c634f8a4b976c2118880367b9df06745880bfaa
Size

166KB
Sample

241222-a7gqmawqhn
MD5

adf8c47382d8e501b7553fd3fa17a572
SHA1

9be9c097f1abca05d5c33ad9e076f4e660902c0c
SHA256

a643d965a57ec3737813bab52c634f8a4b976c2118880367b9df06745880bfaa
SHA512

d31a95bb4691677cc952b70d8a11b00ec07f59595dcab3b04f5965b0abd2cf2d40c1f78e3ca3a160636a30194dd8349f15bbbbd79e376d1a216c87bd31135a49
SSDEEP

3072:euFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+3l:e0czbty9uiaJlCl

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a643d965a57ec3737813bab52c634f8a4b976c2118880367b9df06745880bfaa
- Size
  
  166KB
- MD5
  
  adf8c47382d8e501b7553fd3fa17a572
- SHA1
  
  9be9c097f1abca05d5c33ad9e076f4e660902c0c
- SHA256
  
  a643d965a57ec3737813bab52c634f8a4b976c2118880367b9df06745880bfaa
- SHA512
  
  d31a95bb4691677cc952b70d8a11b00ec07f59595dcab3b04f5965b0abd2cf2d40c1f78e3ca3a160636a30194dd8349f15bbbbd79e376d1a216c87bd31135a49
- SSDEEP
  
  3072:euFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+3l:e0czbty9uiaJlCl
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader