dridex | 2db0d320caf3a5472c35eaaf4f1083ac8fcfc202f47b3e1be7112eb0f5d0cb18 | Triage

Sharing

General

Target

JaffaCakes118_2db0d320caf3a5472c35eaaf4f1083ac8fcfc202f47b3e1be7112eb0f5d0cb18
Size

184KB
Sample

241223-1dkhjaskdj
MD5

97daabe2a1d23b30492ea8c8c56ae4ef
SHA1

e4731d98d31eb98bef81287fc75834c9c50dc65c
SHA256

2db0d320caf3a5472c35eaaf4f1083ac8fcfc202f47b3e1be7112eb0f5d0cb18
SHA512

a9cd11e334d3a0fdf4e1ff7d7dd5de4d1de94936ed273a47d9396547230f74491963e68b4628c91e2526f0c82f8e02caf8d56296b41b7dd236a5a58311cff7a8
SSDEEP

3072:hgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg3dA4l:4PFkq6zOe5ilSanO4d

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_2db0d320caf3a5472c35eaaf4f1083ac8fcfc202f47b3e1be7112eb0f5d0cb18
- Size
  
  184KB
- MD5
  
  97daabe2a1d23b30492ea8c8c56ae4ef
- SHA1
  
  e4731d98d31eb98bef81287fc75834c9c50dc65c
- SHA256
  
  2db0d320caf3a5472c35eaaf4f1083ac8fcfc202f47b3e1be7112eb0f5d0cb18
- SHA512
  
  a9cd11e334d3a0fdf4e1ff7d7dd5de4d1de94936ed273a47d9396547230f74491963e68b4628c91e2526f0c82f8e02caf8d56296b41b7dd236a5a58311cff7a8
- SSDEEP
  
  3072:hgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg3dA4l:4PFkq6zOe5ilSanO4d
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader