dridex | d3a81703c4129c02db0c2c822f9938727fdeee0b7b3a6de4bc18a324299beda3 | Triage

Sharing

General

Target

JaffaCakes118_d3a81703c4129c02db0c2c822f9938727fdeee0b7b3a6de4bc18a324299beda3
Size

177KB
Sample

241223-3gj3aavpaj
MD5

b0c7e93061951053465c5ae5222a6486
SHA1

fe0441a78ef4fa5b7b0e7089621c06418994a5a3
SHA256

d3a81703c4129c02db0c2c822f9938727fdeee0b7b3a6de4bc18a324299beda3
SHA512

11a0a9b6f6d3b33ba79c6683ba3de92e4da25a741f93b44dcd093baf21b2812e25357c82a34bcef27bf0d9c3c3917cc7a1d5b5d4830c9a312b43619bf58f8e4c
SSDEEP

3072:6uCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:WzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_d3a81703c4129c02db0c2c822f9938727fdeee0b7b3a6de4bc18a324299beda3
- Size
  
  177KB
- MD5
  
  b0c7e93061951053465c5ae5222a6486
- SHA1
  
  fe0441a78ef4fa5b7b0e7089621c06418994a5a3
- SHA256
  
  d3a81703c4129c02db0c2c822f9938727fdeee0b7b3a6de4bc18a324299beda3
- SHA512
  
  11a0a9b6f6d3b33ba79c6683ba3de92e4da25a741f93b44dcd093baf21b2812e25357c82a34bcef27bf0d9c3c3917cc7a1d5b5d4830c9a312b43619bf58f8e4c
- SSDEEP
  
  3072:6uCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:WzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader