dridex | 508c82588c79d92ddce1ca7c8997271de18cb8f1c799f3536a43eb368fd83b14 | Triage

Sharing

General

Target

JaffaCakes118_508c82588c79d92ddce1ca7c8997271de18cb8f1c799f3536a43eb368fd83b14
Size

188KB
Sample

241223-whbc7swpgy
MD5

8a7cba443ccc0d139d0bd954ca018920
SHA1

aef9bcccfe769cded651485f118a179a71d89b7b
SHA256

508c82588c79d92ddce1ca7c8997271de18cb8f1c799f3536a43eb368fd83b14
SHA512

c6c78cc575ce8c012489f6e02081fec6b6c38f17bc736218a1e90eccf439c4d854557115cebdafb9d64e0f7f776e712be3ad2a40a6d82ea2fad76a2d2efd28b6
SSDEEP

3072:fteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz69qM:Hq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_508c82588c79d92ddce1ca7c8997271de18cb8f1c799f3536a43eb368fd83b14
- Size
  
  188KB
- MD5
  
  8a7cba443ccc0d139d0bd954ca018920
- SHA1
  
  aef9bcccfe769cded651485f118a179a71d89b7b
- SHA256
  
  508c82588c79d92ddce1ca7c8997271de18cb8f1c799f3536a43eb368fd83b14
- SHA512
  
  c6c78cc575ce8c012489f6e02081fec6b6c38f17bc736218a1e90eccf439c4d854557115cebdafb9d64e0f7f776e712be3ad2a40a6d82ea2fad76a2d2efd28b6
- SSDEEP
  
  3072:fteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz69qM:Hq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader