dridex | aef534dde3fb8f0aaf318bb64412d789bc1742982929a412de255747de138e8d | Triage

Sharing

General

Target

JaffaCakes118_aef534dde3fb8f0aaf318bb64412d789bc1742982929a412de255747de138e8d
Size

188KB
Sample

241223-ysqxrazlbl
MD5

9f67444c2b17e36ccbdc155ea5f6ba6b
SHA1

ceb3c6da1e522e5783923bd5c8049d148b9ff2f8
SHA256

aef534dde3fb8f0aaf318bb64412d789bc1742982929a412de255747de138e8d
SHA512

6e51528a8ec92a077f801819085465939dcd691b2d6814c768a00da20fbb9fe6d1f27f90a5a2eb2920532c92525ff7e0ef9204ace165838d934b27ec998cc665
SSDEEP

3072:dteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzb9qM:pq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_aef534dde3fb8f0aaf318bb64412d789bc1742982929a412de255747de138e8d
- Size
  
  188KB
- MD5
  
  9f67444c2b17e36ccbdc155ea5f6ba6b
- SHA1
  
  ceb3c6da1e522e5783923bd5c8049d148b9ff2f8
- SHA256
  
  aef534dde3fb8f0aaf318bb64412d789bc1742982929a412de255747de138e8d
- SHA512
  
  6e51528a8ec92a077f801819085465939dcd691b2d6814c768a00da20fbb9fe6d1f27f90a5a2eb2920532c92525ff7e0ef9204ace165838d934b27ec998cc665
- SSDEEP
  
  3072:dteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzb9qM:pq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader