dridex | dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847 | Triage

Sharing

General

Target

JaffaCakes118_dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847
Size

166KB
Sample

241222-aqz6msvrcv
MD5

87ca21d25055044101a756b93a695987
SHA1

f6a1777ec546203aef03fddbb9adebeff77ae0d7
SHA256

dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847
SHA512

6ba18cc557b6a86ffc14b63dd6c72d169a669189a19336b947ccceac4a6c0aa8e276dd9dcd780c3e4a413ba77adc414c38a778ce29f8d85cb4946dc7556d1ab7
SSDEEP

3072:OuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+rS:O0czbty9uiaJluS

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847
- Size
  
  166KB
- MD5
  
  87ca21d25055044101a756b93a695987
- SHA1
  
  f6a1777ec546203aef03fddbb9adebeff77ae0d7
- SHA256
  
  dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847
- SHA512
  
  6ba18cc557b6a86ffc14b63dd6c72d169a669189a19336b947ccceac4a6c0aa8e276dd9dcd780c3e4a413ba77adc414c38a778ce29f8d85cb4946dc7556d1ab7
- SSDEEP
  
  3072:OuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+rS:O0czbty9uiaJluS
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader