dridex | f77e3ed09dfa4f7f6f7e62669b10a254263a7d8dd2f7551fb574a70d1214570c | Triage

Sharing

General

Target

JaffaCakes118_f77e3ed09dfa4f7f6f7e62669b10a254263a7d8dd2f7551fb574a70d1214570c
Size

184KB
Sample

241222-xg4tsswmck
MD5

cef0235f0363cfc0ae463032682e5b9d
SHA1

b0d88ff038555f7667051fa113d902050fd690ce
SHA256

f77e3ed09dfa4f7f6f7e62669b10a254263a7d8dd2f7551fb574a70d1214570c
SHA512

1b4d9139c8cf84db07b7f95e5318d1183bce2a2db22e9b9abedf186814b851f0419d738bdc0c07b0f12dc38f62f691678ca8e5e0b8bac6383191d5a570b7e8c0
SSDEEP

3072:riLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eao9lzoxss7:riLVCIT4WK2z1W+CUHZj4Skq/eaoToC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f77e3ed09dfa4f7f6f7e62669b10a254263a7d8dd2f7551fb574a70d1214570c
- Size
  
  184KB
- MD5
  
  cef0235f0363cfc0ae463032682e5b9d
- SHA1
  
  b0d88ff038555f7667051fa113d902050fd690ce
- SHA256
  
  f77e3ed09dfa4f7f6f7e62669b10a254263a7d8dd2f7551fb574a70d1214570c
- SHA512
  
  1b4d9139c8cf84db07b7f95e5318d1183bce2a2db22e9b9abedf186814b851f0419d738bdc0c07b0f12dc38f62f691678ca8e5e0b8bac6383191d5a570b7e8c0
- SSDEEP
  
  3072:riLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eao9lzoxss7:riLVCIT4WK2z1W+CUHZj4Skq/eaoToC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader