dridex | 0be983bb06e64e86dc3de42130613d7f7c95ddee4920212154265d02db50becc | Triage

Sharing

General

Target

JaffaCakes118_0be983bb06e64e86dc3de42130613d7f7c95ddee4920212154265d02db50becc
Size

184KB
Sample

241223-sb5rpasqbp
MD5

705229f88c53fe46ee9b4eeb184e7905
SHA1

5e69a53bac9943e513d4aececa7732bb6e715d6a
SHA256

0be983bb06e64e86dc3de42130613d7f7c95ddee4920212154265d02db50becc
SHA512

46fd597b99cfc7e21913041743547e9c5766fbbb243cd164d192105c3cbd6576cad6e903574c2837d62b6c58659f5ad227dbfd4fcf70e2520c086efe2d8f1049
SSDEEP

3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaomlzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eao0oC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_0be983bb06e64e86dc3de42130613d7f7c95ddee4920212154265d02db50becc
- Size
  
  184KB
- MD5
  
  705229f88c53fe46ee9b4eeb184e7905
- SHA1
  
  5e69a53bac9943e513d4aececa7732bb6e715d6a
- SHA256
  
  0be983bb06e64e86dc3de42130613d7f7c95ddee4920212154265d02db50becc
- SHA512
  
  46fd597b99cfc7e21913041743547e9c5766fbbb243cd164d192105c3cbd6576cad6e903574c2837d62b6c58659f5ad227dbfd4fcf70e2520c086efe2d8f1049
- SSDEEP
  
  3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaomlzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eao0oC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader