dridex | 85f894f49df88bb3e9dfc199b1d880b10be4b80096cee014c506be7da7f5d9c9 | Triage

Sharing

General

Target

JaffaCakes118_85f894f49df88bb3e9dfc199b1d880b10be4b80096cee014c506be7da7f5d9c9
Size

188KB
Sample

241223-2873ravlhn
MD5

13f07d39013c3f5af97415a9f1cc06a9
SHA1

e6ad5e7faf3a73faa461a49eb5cac13d2ad3f07c
SHA256

85f894f49df88bb3e9dfc199b1d880b10be4b80096cee014c506be7da7f5d9c9
SHA512

fba53c712a736010efebc30007b71f5059daa9ff186704397fa447b405848c577e6fec18833f5dce8b9a8e854654ff5f2153cb3256745ea1e2cf23635692d1ea
SSDEEP

3072:4teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz+9qM:8q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_85f894f49df88bb3e9dfc199b1d880b10be4b80096cee014c506be7da7f5d9c9
- Size
  
  188KB
- MD5
  
  13f07d39013c3f5af97415a9f1cc06a9
- SHA1
  
  e6ad5e7faf3a73faa461a49eb5cac13d2ad3f07c
- SHA256
  
  85f894f49df88bb3e9dfc199b1d880b10be4b80096cee014c506be7da7f5d9c9
- SHA512
  
  fba53c712a736010efebc30007b71f5059daa9ff186704397fa447b405848c577e6fec18833f5dce8b9a8e854654ff5f2153cb3256745ea1e2cf23635692d1ea
- SSDEEP
  
  3072:4teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz+9qM:8q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader