dridex | ef1fcf79539413a707f2d9ec03ca91964ee37ba993b06efeca77ddb8b83ccdac | Triage

Sharing

General

Target

JaffaCakes118_ef1fcf79539413a707f2d9ec03ca91964ee37ba993b06efeca77ddb8b83ccdac
Size

164KB
Sample

241222-dyscjs1qa1
MD5

b47c6f145d386786bba7647078c88f8a
SHA1

23ef43f1354f256752e2e44acfb760dfad5cc50b
SHA256

ef1fcf79539413a707f2d9ec03ca91964ee37ba993b06efeca77ddb8b83ccdac
SHA512

d9bf9d010e9ac8851559f45b7cf26ac0a41e45a80c3879b461fe0b444537dffe1a2495bfd8a6d15a9bde24043334df4d57d3e229ad2818098bfc943677b915ce
SSDEEP

3072:TBefihU8fQ2Sob/xg+eNV1A1I3aiI8i3GdVAzuECtNjP3/3ioP7y11a0E:TBefiv/12+2A1AIpFzxCtNjHSoPm11J

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

45.123.40.54:443

82.209.17.209:8172

180.250.21.2:13721

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_ef1fcf79539413a707f2d9ec03ca91964ee37ba993b06efeca77ddb8b83ccdac
- Size
  
  164KB
- MD5
  
  b47c6f145d386786bba7647078c88f8a
- SHA1
  
  23ef43f1354f256752e2e44acfb760dfad5cc50b
- SHA256
  
  ef1fcf79539413a707f2d9ec03ca91964ee37ba993b06efeca77ddb8b83ccdac
- SHA512
  
  d9bf9d010e9ac8851559f45b7cf26ac0a41e45a80c3879b461fe0b444537dffe1a2495bfd8a6d15a9bde24043334df4d57d3e229ad2818098bfc943677b915ce
- SSDEEP
  
  3072:TBefihU8fQ2Sob/xg+eNV1A1I3aiI8i3GdVAzuECtNjP3/3ioP7y11a0E:TBefiv/12+2A1AIpFzxCtNjHSoPm11J
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader