dridex | 93f1316535a8c763534408cb8404b6c3aa25de456f7478c762ca07db72114692 | Triage

Sharing

General

Target

JaffaCakes118_93f1316535a8c763534408cb8404b6c3aa25de456f7478c762ca07db72114692
Size

166KB
Sample

241222-wtqx2avqfq
MD5

d8b23e0cfdcba2cd14e7dc9d0070a097
SHA1

0bbc74ce408ff1f2681c10383c5d4f19bab27a54
SHA256

93f1316535a8c763534408cb8404b6c3aa25de456f7478c762ca07db72114692
SHA512

d4134569fbbb0a17e0f8955ce3b193fe3e345488528913e71b021eec0e3e8b5dc10cff467744c0e85c95a443d5dfe53b19fa6221cdbee95180f584339cd2c587
SSDEEP

3072:VuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+24:V0czbty9uiaJlP4

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_93f1316535a8c763534408cb8404b6c3aa25de456f7478c762ca07db72114692
- Size
  
  166KB
- MD5
  
  d8b23e0cfdcba2cd14e7dc9d0070a097
- SHA1
  
  0bbc74ce408ff1f2681c10383c5d4f19bab27a54
- SHA256
  
  93f1316535a8c763534408cb8404b6c3aa25de456f7478c762ca07db72114692
- SHA512
  
  d4134569fbbb0a17e0f8955ce3b193fe3e345488528913e71b021eec0e3e8b5dc10cff467744c0e85c95a443d5dfe53b19fa6221cdbee95180f584339cd2c587
- SSDEEP
  
  3072:VuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+24:V0czbty9uiaJlP4
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader