dridex | e6a12b707c3336f931be6eab01e03a1e2ef0aef26dd3733669582164cc9298fa | Triage

Sharing

General

Target

JaffaCakes118_e6a12b707c3336f931be6eab01e03a1e2ef0aef26dd3733669582164cc9298fa
Size

188KB
Sample

241223-3f9xbavmav
MD5

232b06f83f348c9b587b627101e32426
SHA1

490f70cfd66984f026eac325ff3d23a4a2e3c0e4
SHA256

e6a12b707c3336f931be6eab01e03a1e2ef0aef26dd3733669582164cc9298fa
SHA512

2d0da06bc2f4e2a61082d1fbc0f5e39593fec4f1c16c50f57ab25de8f04c70341c9134c26e565cede0c64f8ee1b4c8a9c111be141561a9e66debd394cc40e896
SSDEEP

3072:1teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:Rq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_e6a12b707c3336f931be6eab01e03a1e2ef0aef26dd3733669582164cc9298fa
- Size
  
  188KB
- MD5
  
  232b06f83f348c9b587b627101e32426
- SHA1
  
  490f70cfd66984f026eac325ff3d23a4a2e3c0e4
- SHA256
  
  e6a12b707c3336f931be6eab01e03a1e2ef0aef26dd3733669582164cc9298fa
- SHA512
  
  2d0da06bc2f4e2a61082d1fbc0f5e39593fec4f1c16c50f57ab25de8f04c70341c9134c26e565cede0c64f8ee1b4c8a9c111be141561a9e66debd394cc40e896
- SSDEEP
  
  3072:1teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:Rq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader