dridex | 068096f81d7fc99c41008cef408d4e469a20a84f788dd868e4d2f16310b624ba | Triage

Sharing

General

Target

JaffaCakes118_068096f81d7fc99c41008cef408d4e469a20a84f788dd868e4d2f16310b624ba
Size

188KB
Sample

241223-yenkgaypby
MD5

a4f8a73ad58ac97675c9e1f998ee875a
SHA1

6fabca1d4c196cacec52b21e3fb7f56beb73c7bb
SHA256

068096f81d7fc99c41008cef408d4e469a20a84f788dd868e4d2f16310b624ba
SHA512

d5199d76333d2fb2a1d8db8624a5b1f7804731dbacd29b008f9331a555ff531a8e64739da86b587a562e623af267c63a3388879c7580098a2eabb5441d9dffb1
SSDEEP

3072:IteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzR9qM:sq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_068096f81d7fc99c41008cef408d4e469a20a84f788dd868e4d2f16310b624ba
- Size
  
  188KB
- MD5
  
  a4f8a73ad58ac97675c9e1f998ee875a
- SHA1
  
  6fabca1d4c196cacec52b21e3fb7f56beb73c7bb
- SHA256
  
  068096f81d7fc99c41008cef408d4e469a20a84f788dd868e4d2f16310b624ba
- SHA512
  
  d5199d76333d2fb2a1d8db8624a5b1f7804731dbacd29b008f9331a555ff531a8e64739da86b587a562e623af267c63a3388879c7580098a2eabb5441d9dffb1
- SSDEEP
  
  3072:IteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzR9qM:sq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader