dridex | 761e1cbb73718e75d0819ecf07da62b1df80ba1ed1e88f648044972b5216d95b | Triage

Sharing

General

Target

JaffaCakes118_761e1cbb73718e75d0819ecf07da62b1df80ba1ed1e88f648044972b5216d95b
Size

184KB
Sample

241222-mh2eysvjd1
MD5

e9e1621f4a96fcf934a6e37a2d873474
SHA1

64b4ade81173a532831baed60db5b3f3c1e38d9f
SHA256

761e1cbb73718e75d0819ecf07da62b1df80ba1ed1e88f648044972b5216d95b
SHA512

0a759e374b207d1652f299d43d11347cf24f5d73fd5da8ec42240c6e08b6d64be852ec8835679ddfe0a3bb715c16d1d2b3e3c552ba35d4d2cea1eae497746ee5
SSDEEP

3072:9iLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoKlzoxss7:9iLVCIT4WK2z1W+CUHZj4Skq/eaoAoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_761e1cbb73718e75d0819ecf07da62b1df80ba1ed1e88f648044972b5216d95b
- Size
  
  184KB
- MD5
  
  e9e1621f4a96fcf934a6e37a2d873474
- SHA1
  
  64b4ade81173a532831baed60db5b3f3c1e38d9f
- SHA256
  
  761e1cbb73718e75d0819ecf07da62b1df80ba1ed1e88f648044972b5216d95b
- SHA512
  
  0a759e374b207d1652f299d43d11347cf24f5d73fd5da8ec42240c6e08b6d64be852ec8835679ddfe0a3bb715c16d1d2b3e3c552ba35d4d2cea1eae497746ee5
- SSDEEP
  
  3072:9iLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoKlzoxss7:9iLVCIT4WK2z1W+CUHZj4Skq/eaoAoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader