dridex | f6638116be28ecf4e5d9fd2510dbec85e045698caf6891c4673174fb9f1a8499 | Triage

Sharing

General

Target

JaffaCakes118_f6638116be28ecf4e5d9fd2510dbec85e045698caf6891c4673174fb9f1a8499
Size

184KB
Sample

241222-qfgjjsyrax
MD5

c36c664f455d9b47332a030d89b711e9
SHA1

e0f64d8b8c2fa7903ddeb9520c1fe1084d55943c
SHA256

f6638116be28ecf4e5d9fd2510dbec85e045698caf6891c4673174fb9f1a8499
SHA512

8d1bdccd2933a7ee177871242169a1428ea204cab692a7f115f96514c0e02db39ba4847e6dbc69eb9bc44119722a462a69fb5b65d1f24f9af599c4a2b7e75bf2
SSDEEP

3072:/uwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4K3lmsb:F7TXYsd9SkONU1jKGlAlm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f6638116be28ecf4e5d9fd2510dbec85e045698caf6891c4673174fb9f1a8499
- Size
  
  184KB
- MD5
  
  c36c664f455d9b47332a030d89b711e9
- SHA1
  
  e0f64d8b8c2fa7903ddeb9520c1fe1084d55943c
- SHA256
  
  f6638116be28ecf4e5d9fd2510dbec85e045698caf6891c4673174fb9f1a8499
- SHA512
  
  8d1bdccd2933a7ee177871242169a1428ea204cab692a7f115f96514c0e02db39ba4847e6dbc69eb9bc44119722a462a69fb5b65d1f24f9af599c4a2b7e75bf2
- SSDEEP
  
  3072:/uwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4K3lmsb:F7TXYsd9SkONU1jKGlAlm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader