dridex | 35160da9c79c3838596c3677ca82259bb0ee83e669103f46f8bea563e1008a7f | Triage

Sharing

General

Target

JaffaCakes118_35160da9c79c3838596c3677ca82259bb0ee83e669103f46f8bea563e1008a7f
Size

188KB
Sample

241223-2772csvlfq
MD5

3a120602f383016db3a3f1ef2bdc4dcb
SHA1

d65491ae52e5e533d8e2bda16a408b37fbc75b8f
SHA256

35160da9c79c3838596c3677ca82259bb0ee83e669103f46f8bea563e1008a7f
SHA512

61d824791c5e886f9df40a647bf36ac0091d8bb3b5b60481c0ccdb230e56f26961362ffe376c69de772abb6b2756a2d3cb29f2d23956e03311fb41a0cdb629d8
SSDEEP

3072:tteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz29qM:Zq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_35160da9c79c3838596c3677ca82259bb0ee83e669103f46f8bea563e1008a7f
- Size
  
  188KB
- MD5
  
  3a120602f383016db3a3f1ef2bdc4dcb
- SHA1
  
  d65491ae52e5e533d8e2bda16a408b37fbc75b8f
- SHA256
  
  35160da9c79c3838596c3677ca82259bb0ee83e669103f46f8bea563e1008a7f
- SHA512
  
  61d824791c5e886f9df40a647bf36ac0091d8bb3b5b60481c0ccdb230e56f26961362ffe376c69de772abb6b2756a2d3cb29f2d23956e03311fb41a0cdb629d8
- SSDEEP
  
  3072:tteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz29qM:Zq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader