dridex | cddcf4997f5438e9ea864de793285dcb5477ffcd6974f13bd94567a0092904e4 | Triage

Sharing

General

Target

JaffaCakes118_cddcf4997f5438e9ea864de793285dcb5477ffcd6974f13bd94567a0092904e4
Size

188KB
Sample

241223-w4d18axlaq
MD5

59663df3f2d40c56e608862300862a74
SHA1

e2efb8419df84a48336ab1a45c399c2de719410a
SHA256

cddcf4997f5438e9ea864de793285dcb5477ffcd6974f13bd94567a0092904e4
SHA512

09436ba82989324c7bd89c27f9e6942488b08de78fa43911e89c68ad587f5f8c1a9f13b1432a24b3273834e9643e2c8442e7ea77f4277c16f321b1524ebc5c76
SSDEEP

3072:8teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzh9qM:Aq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_cddcf4997f5438e9ea864de793285dcb5477ffcd6974f13bd94567a0092904e4
- Size
  
  188KB
- MD5
  
  59663df3f2d40c56e608862300862a74
- SHA1
  
  e2efb8419df84a48336ab1a45c399c2de719410a
- SHA256
  
  cddcf4997f5438e9ea864de793285dcb5477ffcd6974f13bd94567a0092904e4
- SHA512
  
  09436ba82989324c7bd89c27f9e6942488b08de78fa43911e89c68ad587f5f8c1a9f13b1432a24b3273834e9643e2c8442e7ea77f4277c16f321b1524ebc5c76
- SSDEEP
  
  3072:8teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzh9qM:Aq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader