dridex | 6faa5990ec83eb0d3eed45f6db23c4c2c88e6caaa3e591443711f397ba609a75 | Triage

Sharing

General

Target

JaffaCakes118_6faa5990ec83eb0d3eed45f6db23c4c2c88e6caaa3e591443711f397ba609a75
Size

177KB
Sample

241223-zb8xnszrbk
MD5

da98adb002717c351779fbbbc5218fb3
SHA1

2de97af8782f30252970a4ea2e5a616b533b3984
SHA256

6faa5990ec83eb0d3eed45f6db23c4c2c88e6caaa3e591443711f397ba609a75
SHA512

ca581d19a4fd2146afd47b8c088a86ad2b6ad02ab88697f75e7fe8dfcdc95b5cd35d39d4806af3a2666405915b573bfc5ec8a887862093e3ee58f56eb7879bee
SSDEEP

3072:IuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:UzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_6faa5990ec83eb0d3eed45f6db23c4c2c88e6caaa3e591443711f397ba609a75
- Size
  
  177KB
- MD5
  
  da98adb002717c351779fbbbc5218fb3
- SHA1
  
  2de97af8782f30252970a4ea2e5a616b533b3984
- SHA256
  
  6faa5990ec83eb0d3eed45f6db23c4c2c88e6caaa3e591443711f397ba609a75
- SHA512
  
  ca581d19a4fd2146afd47b8c088a86ad2b6ad02ab88697f75e7fe8dfcdc95b5cd35d39d4806af3a2666405915b573bfc5ec8a887862093e3ee58f56eb7879bee
- SSDEEP
  
  3072:IuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:UzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader