dridex | a4f791f9d7c33856fc1713569e2c5aab8a223f4024901f4129281be8775a6518 | Triage

Sharing

General

Target

JaffaCakes118_a4f791f9d7c33856fc1713569e2c5aab8a223f4024901f4129281be8775a6518
Size

188KB
Sample

241223-vppzhavrgv
MD5

b27feda175f4349a4b95996979cbe0e7
SHA1

1c6b77912d3f7a18e22a37988a6ef85e05759c00
SHA256

a4f791f9d7c33856fc1713569e2c5aab8a223f4024901f4129281be8775a6518
SHA512

f4149f391ed8e813c93cde4f63c6ce906680764dbd4edf7b8bc3f38ef32813aaabe4f472ad5fe34396319a6e80d487a382ef70cd98df06e0f3f1abf5cfb5c2a9
SSDEEP

3072:2teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:+q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a4f791f9d7c33856fc1713569e2c5aab8a223f4024901f4129281be8775a6518
- Size
  
  188KB
- MD5
  
  b27feda175f4349a4b95996979cbe0e7
- SHA1
  
  1c6b77912d3f7a18e22a37988a6ef85e05759c00
- SHA256
  
  a4f791f9d7c33856fc1713569e2c5aab8a223f4024901f4129281be8775a6518
- SHA512
  
  f4149f391ed8e813c93cde4f63c6ce906680764dbd4edf7b8bc3f38ef32813aaabe4f472ad5fe34396319a6e80d487a382ef70cd98df06e0f3f1abf5cfb5c2a9
- SSDEEP
  
  3072:2teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:+q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader