dridex | 2004d3beab2b05a3105c1a94858d5d65aefa9f8bc6c150f4cb6a25e9341a2180 | Triage

Sharing

General

Target

JaffaCakes118_2004d3beab2b05a3105c1a94858d5d65aefa9f8bc6c150f4cb6a25e9341a2180
Size

184KB
Sample

241223-rqkjmaskbp
MD5

6fc8724daecc1121dc2d1b12d196a34f
SHA1

638df91cef74c00ba34844e3e10139f5b01802ef
SHA256

2004d3beab2b05a3105c1a94858d5d65aefa9f8bc6c150f4cb6a25e9341a2180
SHA512

269d9399cf4eea069478b455b3372a0c60e00c2522e5c2a633338ff841c7178a99a3332b0599857d9817cb331703dd756c5f1a20bccbcf62f0fac940dd16ba88
SSDEEP

3072:juwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4Kqlmsb:x7TXYsd9SkONU1jKGlVlm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_2004d3beab2b05a3105c1a94858d5d65aefa9f8bc6c150f4cb6a25e9341a2180
- Size
  
  184KB
- MD5
  
  6fc8724daecc1121dc2d1b12d196a34f
- SHA1
  
  638df91cef74c00ba34844e3e10139f5b01802ef
- SHA256
  
  2004d3beab2b05a3105c1a94858d5d65aefa9f8bc6c150f4cb6a25e9341a2180
- SHA512
  
  269d9399cf4eea069478b455b3372a0c60e00c2522e5c2a633338ff841c7178a99a3332b0599857d9817cb331703dd756c5f1a20bccbcf62f0fac940dd16ba88
- SSDEEP
  
  3072:juwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4Kqlmsb:x7TXYsd9SkONU1jKGlVlm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader