dridex | 5d4e11b4e35bdbf652f35c49f210eaf96b3aec8134d282cf7496c738ea70eae8 | Triage

Sharing

General

Target

JaffaCakes118_5d4e11b4e35bdbf652f35c49f210eaf96b3aec8134d282cf7496c738ea70eae8
Size

163KB
Sample

241223-3wpw3swjhk
MD5

2841140f3af156a5defdc9659b39b1e3
SHA1

663c1e1797751bff1a76b1d7894abf634c21b4f0
SHA256

5d4e11b4e35bdbf652f35c49f210eaf96b3aec8134d282cf7496c738ea70eae8
SHA512

0afc4414161a9ca0f23a1c6c01435414c5f63ed62c77b6ab209eb8a14ced92a2e541cd1263e93559cf2aebf23239cb40acb95e217375d5700e110e7b8edd3537
SSDEEP

3072:V9F/oNrQb4xVubbXP/NTccbsFvCeLmXH57V30e8Pj:V9F6rQXvFczvYpQP

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5d4e11b4e35bdbf652f35c49f210eaf96b3aec8134d282cf7496c738ea70eae8
- Size
  
  163KB
- MD5
  
  2841140f3af156a5defdc9659b39b1e3
- SHA1
  
  663c1e1797751bff1a76b1d7894abf634c21b4f0
- SHA256
  
  5d4e11b4e35bdbf652f35c49f210eaf96b3aec8134d282cf7496c738ea70eae8
- SHA512
  
  0afc4414161a9ca0f23a1c6c01435414c5f63ed62c77b6ab209eb8a14ced92a2e541cd1263e93559cf2aebf23239cb40acb95e217375d5700e110e7b8edd3537
- SSDEEP
  
  3072:V9F/oNrQb4xVubbXP/NTccbsFvCeLmXH57V30e8Pj:V9F6rQXvFczvYpQP
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader