dridex | 4bb1b166eaad43ddb00b412adfe96341db9cb409919bcab25d0562031199b280 | Triage

Sharing

General

Target

JaffaCakes118_4bb1b166eaad43ddb00b412adfe96341db9cb409919bcab25d0562031199b280
Size

188KB
Sample

241223-w4fj2sxlav
MD5

95c141986378b33e5f1819d2ac2de813
SHA1

f8fb85cab7695ae79eec64c30fd3732d24a2e17d
SHA256

4bb1b166eaad43ddb00b412adfe96341db9cb409919bcab25d0562031199b280
SHA512

8bb9a8dc8e64780b9414861e1f1a60cf70da8e59bb0f94180060a77276a1f06c754da1cb0543821596816842d14492587cd1e395314acb2f4d41eba9dc7ab442
SSDEEP

3072:QA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoOo:QzIqATVfQeV2FZalKq6jtGJWuTmd

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.82.248.59:443

54.39.98.141:6602

103.109.247.8:10443

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_4bb1b166eaad43ddb00b412adfe96341db9cb409919bcab25d0562031199b280
- Size
  
  188KB
- MD5
  
  95c141986378b33e5f1819d2ac2de813
- SHA1
  
  f8fb85cab7695ae79eec64c30fd3732d24a2e17d
- SHA256
  
  4bb1b166eaad43ddb00b412adfe96341db9cb409919bcab25d0562031199b280
- SHA512
  
  8bb9a8dc8e64780b9414861e1f1a60cf70da8e59bb0f94180060a77276a1f06c754da1cb0543821596816842d14492587cd1e395314acb2f4d41eba9dc7ab442
- SSDEEP
  
  3072:QA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoOo:QzIqATVfQeV2FZalKq6jtGJWuTmd
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader