dridex | 9d5d8d24bc90ae37ce7bbe5098c5001908e8bfaba8c41e588715e7c0fe929b79 | Triage

Sharing

General

Target

JaffaCakes118_9d5d8d24bc90ae37ce7bbe5098c5001908e8bfaba8c41e588715e7c0fe929b79
Size

188KB
Sample

241223-y6n1bazngv
MD5

fcb21445878119f0db3eb9f6420b63ef
SHA1

42b0e15676e05ab476ccc4df1fcc890a6ba7a1bb
SHA256

9d5d8d24bc90ae37ce7bbe5098c5001908e8bfaba8c41e588715e7c0fe929b79
SHA512

1acd7a9cc62b287dbe31fd202b2c4786613324bd566baad284bc75132ae8bca951e6df3773c15ccc8bfec55613bc4f66a2e485ad2d984c7c7a4dee3c14a88c2d
SSDEEP

3072:ZteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:1q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_9d5d8d24bc90ae37ce7bbe5098c5001908e8bfaba8c41e588715e7c0fe929b79
- Size
  
  188KB
- MD5
  
  fcb21445878119f0db3eb9f6420b63ef
- SHA1
  
  42b0e15676e05ab476ccc4df1fcc890a6ba7a1bb
- SHA256
  
  9d5d8d24bc90ae37ce7bbe5098c5001908e8bfaba8c41e588715e7c0fe929b79
- SHA512
  
  1acd7a9cc62b287dbe31fd202b2c4786613324bd566baad284bc75132ae8bca951e6df3773c15ccc8bfec55613bc4f66a2e485ad2d984c7c7a4dee3c14a88c2d
- SSDEEP
  
  3072:ZteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:1q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader