dridex | beff34ab6bed4374763549f75e390706ddf1727516402a35cb4a98a44d740e94 | Triage

Sharing

General

Target

JaffaCakes118_beff34ab6bed4374763549f75e390706ddf1727516402a35cb4a98a44d740e94
Size

184KB
Sample

241223-wy1yssxkaj
MD5

e81a2b795e7bf8e5db54f7d33b9e9344
SHA1

18b1caeb8101f3a5dc390b093ddc8c381ccddff8
SHA256

beff34ab6bed4374763549f75e390706ddf1727516402a35cb4a98a44d740e94
SHA512

8bc2a26b7249f9e479d35f5643b24ed42abd61f64a81f8091edb425eb883bd429989b7aea6cb59da82c96d77e2fbe1bf6ba7779d7d73c36af423664634ba9658
SSDEEP

3072:VuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KSlmsb:37TXYsd9SkONU1jKGlplm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_beff34ab6bed4374763549f75e390706ddf1727516402a35cb4a98a44d740e94
- Size
  
  184KB
- MD5
  
  e81a2b795e7bf8e5db54f7d33b9e9344
- SHA1
  
  18b1caeb8101f3a5dc390b093ddc8c381ccddff8
- SHA256
  
  beff34ab6bed4374763549f75e390706ddf1727516402a35cb4a98a44d740e94
- SHA512
  
  8bc2a26b7249f9e479d35f5643b24ed42abd61f64a81f8091edb425eb883bd429989b7aea6cb59da82c96d77e2fbe1bf6ba7779d7d73c36af423664634ba9658
- SSDEEP
  
  3072:VuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KSlmsb:37TXYsd9SkONU1jKGlplm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader