dridex | f05524a05fb3a90082a7e59a27b1e451481e4355e28bb449ecfd479d75f435b8 | Triage

Sharing

General

Target

JaffaCakes118_f05524a05fb3a90082a7e59a27b1e451481e4355e28bb449ecfd479d75f435b8
Size

188KB
Sample

241223-xp5q3axqfs
MD5

404f509f37ae90d7659c2386fbae7f69
SHA1

be439fbcbe897802766052fc3bb29929b5712129
SHA256

f05524a05fb3a90082a7e59a27b1e451481e4355e28bb449ecfd479d75f435b8
SHA512

6db307ad65236ad663f1b09e90304ef6a1d9e27d8c9e472ddfdea0613d5014b0beb2913fb8947aca505f2d9b419b93f02c6fe666ab4ebf177eb8a879784acf61
SSDEEP

3072:AteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz99qM:Uq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f05524a05fb3a90082a7e59a27b1e451481e4355e28bb449ecfd479d75f435b8
- Size
  
  188KB
- MD5
  
  404f509f37ae90d7659c2386fbae7f69
- SHA1
  
  be439fbcbe897802766052fc3bb29929b5712129
- SHA256
  
  f05524a05fb3a90082a7e59a27b1e451481e4355e28bb449ecfd479d75f435b8
- SHA512
  
  6db307ad65236ad663f1b09e90304ef6a1d9e27d8c9e472ddfdea0613d5014b0beb2913fb8947aca505f2d9b419b93f02c6fe666ab4ebf177eb8a879784acf61
- SSDEEP
  
  3072:AteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz99qM:Uq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader