dridex | 632eca3762feb7657037f4a0cba3a6c0519e7c98c5b9b5d5eb2aae2cc48b4ebc | Triage

Sharing

General

Target

JaffaCakes118_632eca3762feb7657037f4a0cba3a6c0519e7c98c5b9b5d5eb2aae2cc48b4ebc
Size

188KB
Sample

241223-wttc6axjcq
MD5

20a3b04d72d7066cfa3b42bfed081e6d
SHA1

1447cc3a4d28dae791a66d95bdb72d4ff11a692e
SHA256

632eca3762feb7657037f4a0cba3a6c0519e7c98c5b9b5d5eb2aae2cc48b4ebc
SHA512

22052479cc9faed0b6a94bc71ae7c2ace314ad2ba09cfeb55e3b32697f1f9119a6c6e7208319d5f4f9b1f19d945b500e5dd595c69c4fca16dd271693ffad8b49
SSDEEP

3072:rteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:jq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_632eca3762feb7657037f4a0cba3a6c0519e7c98c5b9b5d5eb2aae2cc48b4ebc
- Size
  
  188KB
- MD5
  
  20a3b04d72d7066cfa3b42bfed081e6d
- SHA1
  
  1447cc3a4d28dae791a66d95bdb72d4ff11a692e
- SHA256
  
  632eca3762feb7657037f4a0cba3a6c0519e7c98c5b9b5d5eb2aae2cc48b4ebc
- SHA512
  
  22052479cc9faed0b6a94bc71ae7c2ace314ad2ba09cfeb55e3b32697f1f9119a6c6e7208319d5f4f9b1f19d945b500e5dd595c69c4fca16dd271693ffad8b49
- SSDEEP
  
  3072:rteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:jq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader