dridex | 86950db6643215e238e1ca79a2d1942a5bd5638608f43965c71d4ff10c442757 | Triage

Sharing

General

Target

JaffaCakes118_86950db6643215e238e1ca79a2d1942a5bd5638608f43965c71d4ff10c442757
Size

188KB
Sample

241223-13gg6ssrcx
MD5

95785ed525324f4e5905842dbfc15d83
SHA1

a6887ec45d602702fd8407dcb12adb3c194aeb01
SHA256

86950db6643215e238e1ca79a2d1942a5bd5638608f43965c71d4ff10c442757
SHA512

ac23e394d0bda6a8b22d1286791965aeea28347459083f7c15a2d8a59f8c16dcd66db9262dff2aa8a6376d81db1ccdb335d23155a8bbee360ce4c429ac8b757d
SSDEEP

3072:HteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:fq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_86950db6643215e238e1ca79a2d1942a5bd5638608f43965c71d4ff10c442757
- Size
  
  188KB
- MD5
  
  95785ed525324f4e5905842dbfc15d83
- SHA1
  
  a6887ec45d602702fd8407dcb12adb3c194aeb01
- SHA256
  
  86950db6643215e238e1ca79a2d1942a5bd5638608f43965c71d4ff10c442757
- SHA512
  
  ac23e394d0bda6a8b22d1286791965aeea28347459083f7c15a2d8a59f8c16dcd66db9262dff2aa8a6376d81db1ccdb335d23155a8bbee360ce4c429ac8b757d
- SSDEEP
  
  3072:HteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:fq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader