dridex | 584535560c1edb7f31466ce2efacf0cd4ca94cb91929aaf08f22ac530071f88e | Triage

Sharing

General

Target

JaffaCakes118_584535560c1edb7f31466ce2efacf0cd4ca94cb91929aaf08f22ac530071f88e
Size

368KB
Sample

241222-fgwpravjhj
MD5

3895d9b1fb4d0683851cb2e447946db5
SHA1

bc0ab78947a6b4d139c8c02ef4d1988bde9972bd
SHA256

584535560c1edb7f31466ce2efacf0cd4ca94cb91929aaf08f22ac530071f88e
SHA512

44424f9a06d3aa8a5ae869e569636ff67cb7e4a8581c586bc830cc469f3f214616d5f4bb3b441ce2d6f086aa336f6d709853ce87d77852829f569a4c9da5c333
SSDEEP

6144:GEKL3LknXHDIPiF2Sck8Frj8wtUYt56+osCoN/8ZICr8AdIeD7+tjtchmkY5f5dE:T2bknXHDI6MSckUgwtUI56+o56El3dim

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

155.138.203.91:443

207.180.220.242:8116

46.101.142.214:6891

rc4.plain

rc4.plain

Targets

- Target
  
  5_netplwiz.dll
- Size
  
  180KB
- MD5
  
  766cbe3c26ced2d55252490f519ff4fa
- SHA1
  
  a31074006b5aca4e681cd72fd0055bff85c584b2
- SHA256
  
  b34a364fca951188246775346510738b9ac99cc01976e916b1095a6a4f97bbe3
- SHA512
  
  c78114cb47d1533de96eba4c6c98534d370e46b34c188b28e2c24a073855f90557d6790b3dda6f11b00961b9be5e09126216995e3bea8be7e86b441b72526f40
- SSDEEP
  
  3072:9+8xp4RPerDATzSZBBQs7iRE2PJspXlgQo/D1FZdvF+mAuZz6iTK:A8DQ+cfABus72E2PGpG/PvBAli
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2
- Target
  
  6_mqtrig.dll
- Size
  
  180KB
- MD5
  
  e9111abf76f914c5d8831d39e0fe71e5
- SHA1
  
  bba7a5a184577daef489cd5b7d00851e767a5164
- SHA256
  
  75adbe053b2e26da9cf6681eddf9b282e8e2c3ee20cfc60bd3ee7fab471dda9b
- SHA512
  
  d4728310013f54337abc175a52b79ce8524d42b4d41106a0636bace1dbfb7904b984431c16078118e3e97c1c5ed15f5aa4dba909c32e10041352a72a478a94d2
- SSDEEP
  
  3072:z+8XBp4RPerDATzSZBBQs7iRE2PJspXlgQo/D1FZdvF+mAuZw6iTK:i8DQ+cfABus72E2PGpG/PvBAqi
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral3 behavioral4
- Target
  
  7_msdtckrm.dll
- Size
  
  180KB
- MD5
  
  78efcbf78180862250dda72701f2f1b1
- SHA1
  
  2bdef6651de6cd9ee884149b894141c95650b6e7
- SHA256
  
  972450a14781c1a1be59542e69585fa8548d2150ede9045009d1016472a34597
- SHA512
  
  e54569fda2f4aafc02c5bbd00012a0a83822d85c391378302d44008b0556ac6e1ab3d90bdf3148a9ad93d20886d0893403b877b71580f8f69c849bfc65b5f022
- SSDEEP
  
  3072:y+8ap4RPerDATzSZBBQs7iRE2PJspXlgQo/D1FZdvF+mAuZl6iTK:p8oQ+cfABus72E2PGpG/PvBAPi
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader

behavioral3

dridex22202botnetdiscoveryloader

behavioral4

dridex22202botnetdiscoveryloader

behavioral5

dridex22202botnetdiscoveryloader

behavioral6

dridex22202botnetdiscoveryloader