dridex | 90f77fff73bab6078bcb2d9fdb9181900fe24d2db09970877a18fd0460e05a7f | Triage

Sharing

General

Target

JaffaCakes118_90f77fff73bab6078bcb2d9fdb9181900fe24d2db09970877a18fd0460e05a7f
Size

122KB
Sample

241223-z8qgla1qg1
MD5

aa58f6d1156024e49fb7a7cf6c882210
SHA1

636a772b439c4894bb820667ade134fe3bbcbe20
SHA256

90f77fff73bab6078bcb2d9fdb9181900fe24d2db09970877a18fd0460e05a7f
SHA512

8db8a14f22d7ea5bad1cef270b9579eba7b3f1b6690aa99dc125ac377cecd14e12ab91656d9e4a5db03cc1a1645c04e86ce2bb04d74268dfb6b6d0c0cd51e110
SSDEEP

3072:t9qigNdWVUUMtz+v3d0lM/Wlc2Pg+lDkYCC81p:t2NHUQ6dTq/g+gCEp

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

51.79.50.122:443

222.124.142.67:10443

138.201.222.158:4664

rc4.plain

rc4.plain

Targets

- Target
  
  filler_dk9naf.png
- Size
  
  188KB
- MD5
  
  89bb3dde45bd0702423bf21f5e3ba4d0
- SHA1
  
  780b4bb6e07d29f05f216bcd63643210ed45056f
- SHA256
  
  74b92281565f1a504e4da093363cbd8e12639ef1b63395879e6aca3f020ae83a
- SHA512
  
  a37155318256068a893c8abe9007aa5136d3b0b7f6276baf621bce422c8634f22f2d777d2b15364e720d846e78e2039eb8b5f63eb85ebc1a76936952dd285c16
- SSDEEP
  
  3072:E8bP7oCIkCD6Wgk3OIbtRpr1eVE+nxNS5KL/JcmdzuG51u:RoCXC223Ow5uznxNS5WBJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader