dridex | 98894ba7565517e307243634a53e723c23ae72233e8e79f706522e2a280ec6f5 | Triage

Sharing

General

Target

JaffaCakes118_98894ba7565517e307243634a53e723c23ae72233e8e79f706522e2a280ec6f5
Size

122KB
Sample

241223-wks12awqc1
MD5

a53c5428fd54f8dab19ac68320e61ebc
SHA1

8a51dff76ef0e340df3eb33a54305a60a9ac04fd
SHA256

98894ba7565517e307243634a53e723c23ae72233e8e79f706522e2a280ec6f5
SHA512

beab89182bd0b9420cd96ee8c39017c2b96c32eb38604bbc96701524eccb85a918dce4272c1fa8c89447e496ebc6938564e325fd4e65be5728ed78a0486d2646
SSDEEP

3072:np6vT6nO7o7idnzgloKEx5w3+HYWaXNs35hcfJ/VRQBy9:s/7o74n8Cre9s35h8J9WB2

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.121.123.61:443

12.52.64.10:10933

201.148.20.37:5412

rc4.plain

rc4.plain

Targets

- Target
  
  5_srclient.dll[1].bin
- Size
  
  188KB
- MD5
  
  40881eb97de5d69dd8da5f2d894874d9
- SHA1
  
  232fa7e8a8f95eee695ee9c5fcfdbd0d69b1c010
- SHA256
  
  125a61ca8cc8e76aeee82a18a0a796e5857df7bf736c494434d14b54766f365a
- SHA512
  
  bd97cea471d573742674c0a82a92b80cc0ebd0ecdda8f295f73b59b613033c3179f6226ff1e2f9f086434364b8f27fad68a8df95d0bddb35a969191f8bde94c7
- SSDEEP
  
  3072:r7o4aQnV+A43RKz2f8OWa28/xB441a97hrtJ2EnP8fQ9ixQeY8u:kQn5z2f8OWv+i4C7drjEfQ9V
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader