dridex | f33580b3f1f69ab74b1e5454da5ee7cfa49e920883a764fafed64f9561089c7d | Triage

Sharing

General

Target

JaffaCakes118_f33580b3f1f69ab74b1e5454da5ee7cfa49e920883a764fafed64f9561089c7d
Size

188KB
Sample

241223-16bfbstkhq
MD5

12c516149a38898b07dba77ede3d39dc
SHA1

19549ab653a5e2c2ed0cc5c03ec836ac132c761e
SHA256

f33580b3f1f69ab74b1e5454da5ee7cfa49e920883a764fafed64f9561089c7d
SHA512

bff6374f0e8abaf6473f310159cfdb4883707ff31b58edecff1bc846daf3c448cfa016ccb276d53af234eea4d8d4fe6642ac74941b8f50ce9cbaa8f98f9920af
SSDEEP

3072:zteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzS9qM:7q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f33580b3f1f69ab74b1e5454da5ee7cfa49e920883a764fafed64f9561089c7d
- Size
  
  188KB
- MD5
  
  12c516149a38898b07dba77ede3d39dc
- SHA1
  
  19549ab653a5e2c2ed0cc5c03ec836ac132c761e
- SHA256
  
  f33580b3f1f69ab74b1e5454da5ee7cfa49e920883a764fafed64f9561089c7d
- SHA512
  
  bff6374f0e8abaf6473f310159cfdb4883707ff31b58edecff1bc846daf3c448cfa016ccb276d53af234eea4d8d4fe6642ac74941b8f50ce9cbaa8f98f9920af
- SSDEEP
  
  3072:zteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzS9qM:7q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader