dridex | f24464fbbce525798d606365167e272c6afe9780f27346326c672b4731ebf9f2 | Triage

Sharing

General

Target

JaffaCakes118_f24464fbbce525798d606365167e272c6afe9780f27346326c672b4731ebf9f2
Size

188KB
Sample

241223-zewfra1jam
MD5

c49123be34620311b8aea8e61e2dfb93
SHA1

5527ee92f71033803c73c64513cccd02923e7bc1
SHA256

f24464fbbce525798d606365167e272c6afe9780f27346326c672b4731ebf9f2
SHA512

43a336c204a66d70978c914f9f0a960c503be5b1e80913164313c31c698b234f8f316719231165435821269d166041da844ec23cfe4baa95f95b4efdc1bcd480
SSDEEP

3072:uteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:Gq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f24464fbbce525798d606365167e272c6afe9780f27346326c672b4731ebf9f2
- Size
  
  188KB
- MD5
  
  c49123be34620311b8aea8e61e2dfb93
- SHA1
  
  5527ee92f71033803c73c64513cccd02923e7bc1
- SHA256
  
  f24464fbbce525798d606365167e272c6afe9780f27346326c672b4731ebf9f2
- SHA512
  
  43a336c204a66d70978c914f9f0a960c503be5b1e80913164313c31c698b234f8f316719231165435821269d166041da844ec23cfe4baa95f95b4efdc1bcd480
- SSDEEP
  
  3072:uteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:Gq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader