dridex | 3b68448bdfebc2d4755c244a142ddf73146c28de412619a519595e90d19a527a | Triage

Sharing

General

Target

JaffaCakes118_3b68448bdfebc2d4755c244a142ddf73146c28de412619a519595e90d19a527a
Size

188KB
Sample

241223-wtxetaxjdj
MD5

83906417f18de529a927f9a771410c8b
SHA1

d9ebf67f21d97604e8d0be52132297947280bc06
SHA256

3b68448bdfebc2d4755c244a142ddf73146c28de412619a519595e90d19a527a
SHA512

73e8e54e4abd20de0dc9eaafa3f6aebbe7c9d8156d7562c5116df97ecd63932b3088ab5dfce3af8d327ee2fd57ba0f91b482f05a1fe3a92673ac1e6ab9cf0526
SSDEEP

3072:DteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:rq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_3b68448bdfebc2d4755c244a142ddf73146c28de412619a519595e90d19a527a
- Size
  
  188KB
- MD5
  
  83906417f18de529a927f9a771410c8b
- SHA1
  
  d9ebf67f21d97604e8d0be52132297947280bc06
- SHA256
  
  3b68448bdfebc2d4755c244a142ddf73146c28de412619a519595e90d19a527a
- SHA512
  
  73e8e54e4abd20de0dc9eaafa3f6aebbe7c9d8156d7562c5116df97ecd63932b3088ab5dfce3af8d327ee2fd57ba0f91b482f05a1fe3a92673ac1e6ab9cf0526
- SSDEEP
  
  3072:DteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:rq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader