dridex | d69cc12412e6fefa817516237e0306a8db90ddcd0cd56ea0f1ee7b6abdcaef7f | Triage

Sharing

General

Target

JaffaCakes118_d69cc12412e6fefa817516237e0306a8db90ddcd0cd56ea0f1ee7b6abdcaef7f
Size

188KB
Sample

241223-w4zb6axlbw
MD5

9e98239e66a960625099f20efbf42559
SHA1

c03b19d18e018bb5b5b13d39c99763702f146fd8
SHA256

d69cc12412e6fefa817516237e0306a8db90ddcd0cd56ea0f1ee7b6abdcaef7f
SHA512

8cb6c9fb97dc5fe07c646976a18304acd63fc3ee5c4c61614b4632b2e5c7b73c1eac3397e066ee0546988d352599c43467bed9e7d16caec7a35a5b0a0dc40e4a
SSDEEP

3072:CteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzC9qM:qq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_d69cc12412e6fefa817516237e0306a8db90ddcd0cd56ea0f1ee7b6abdcaef7f
- Size
  
  188KB
- MD5
  
  9e98239e66a960625099f20efbf42559
- SHA1
  
  c03b19d18e018bb5b5b13d39c99763702f146fd8
- SHA256
  
  d69cc12412e6fefa817516237e0306a8db90ddcd0cd56ea0f1ee7b6abdcaef7f
- SHA512
  
  8cb6c9fb97dc5fe07c646976a18304acd63fc3ee5c4c61614b4632b2e5c7b73c1eac3397e066ee0546988d352599c43467bed9e7d16caec7a35a5b0a0dc40e4a
- SSDEEP
  
  3072:CteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzC9qM:qq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader