dridex | f6aabe5fc340fb654577eefba32fe202d221cbd9d63fbd854462155413a9bcf5 | Triage

Sharing

General

Target

JaffaCakes118_f6aabe5fc340fb654577eefba32fe202d221cbd9d63fbd854462155413a9bcf5
Size

188KB
Sample

241223-y5tjeaznes
MD5

640b335684adc7b5e883bfb7508d3ead
SHA1

35e7670634222b758003d1da3c2d38dc0a896a9f
SHA256

f6aabe5fc340fb654577eefba32fe202d221cbd9d63fbd854462155413a9bcf5
SHA512

269ba8281100ce2454df411f6889b28aa394047acce48c3b7714328b80b7e320cafaf6f92129136cd0b8f02814cd18d078c46fbc53d39a3fb616e687af504df7
SSDEEP

3072:fteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzg9qM:Hq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f6aabe5fc340fb654577eefba32fe202d221cbd9d63fbd854462155413a9bcf5
- Size
  
  188KB
- MD5
  
  640b335684adc7b5e883bfb7508d3ead
- SHA1
  
  35e7670634222b758003d1da3c2d38dc0a896a9f
- SHA256
  
  f6aabe5fc340fb654577eefba32fe202d221cbd9d63fbd854462155413a9bcf5
- SHA512
  
  269ba8281100ce2454df411f6889b28aa394047acce48c3b7714328b80b7e320cafaf6f92129136cd0b8f02814cd18d078c46fbc53d39a3fb616e687af504df7
- SSDEEP
  
  3072:fteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzg9qM:Hq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader