dridex | 56ba01c05d85e3ddcf8ad6fba10ecbf31037a09f14aac67e58ddade95cc56163 | Triage

Sharing

General

Target

JaffaCakes118_56ba01c05d85e3ddcf8ad6fba10ecbf31037a09f14aac67e58ddade95cc56163
Size

166KB
Sample

241222-ca4v1aylbv
MD5

3e61176cf2c52ab93678b88362e99fd6
SHA1

c8dac53d000daa7f84304b960257d68b44aaf3f1
SHA256

56ba01c05d85e3ddcf8ad6fba10ecbf31037a09f14aac67e58ddade95cc56163
SHA512

ba758022fc68c335413939aaa0da86ea3a7fe1c76d00299b078472ee29bdb5dc8712ff9740202f4f6d630984cc6d74dcd8462fb72a5c97dfcea829c569657adf
SSDEEP

3072:PuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+jN:P0czbty9uiaJlqN

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_56ba01c05d85e3ddcf8ad6fba10ecbf31037a09f14aac67e58ddade95cc56163
- Size
  
  166KB
- MD5
  
  3e61176cf2c52ab93678b88362e99fd6
- SHA1
  
  c8dac53d000daa7f84304b960257d68b44aaf3f1
- SHA256
  
  56ba01c05d85e3ddcf8ad6fba10ecbf31037a09f14aac67e58ddade95cc56163
- SHA512
  
  ba758022fc68c335413939aaa0da86ea3a7fe1c76d00299b078472ee29bdb5dc8712ff9740202f4f6d630984cc6d74dcd8462fb72a5c97dfcea829c569657adf
- SSDEEP
  
  3072:PuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+jN:P0czbty9uiaJlqN
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader