dridex | 5824c61404274498a3d072b86cd4834cd3fdb924b4e7a879645c8f11f435ea6d | Triage

Sharing

General

Target

JaffaCakes118_5824c61404274498a3d072b86cd4834cd3fdb924b4e7a879645c8f11f435ea6d
Size

188KB
Sample

241223-y6xx8azngz
MD5

5d5ae553fb1af80b64375888fc1c6869
SHA1

9f106c33274bbf8f4d49f5a2a7f70394aef07f8f
SHA256

5824c61404274498a3d072b86cd4834cd3fdb924b4e7a879645c8f11f435ea6d
SHA512

7c8fdadbd913484f188f3620856d733a6c6f49db37befdc32567048c88f2e7f5207dd08db5796766da72a00d430023ce0b7c651ddb39697c7ec38edac54a5398
SSDEEP

3072:tteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz59qM:Zq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5824c61404274498a3d072b86cd4834cd3fdb924b4e7a879645c8f11f435ea6d
- Size
  
  188KB
- MD5
  
  5d5ae553fb1af80b64375888fc1c6869
- SHA1
  
  9f106c33274bbf8f4d49f5a2a7f70394aef07f8f
- SHA256
  
  5824c61404274498a3d072b86cd4834cd3fdb924b4e7a879645c8f11f435ea6d
- SHA512
  
  7c8fdadbd913484f188f3620856d733a6c6f49db37befdc32567048c88f2e7f5207dd08db5796766da72a00d430023ce0b7c651ddb39697c7ec38edac54a5398
- SSDEEP
  
  3072:tteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz59qM:Zq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader