dridex | 4803c3d41c47ecd13954a40c78cba44f104abd3b884804f43580f088bb5e7785 | Triage

Sharing

General

Target

JaffaCakes118_4803c3d41c47ecd13954a40c78cba44f104abd3b884804f43580f088bb5e7785
Size

188KB
Sample

241223-zf37zszrdw
MD5

d415ae4cc2bcc97ec5d58a2e994d95d9
SHA1

6ea2ccc3303429ea3ef9acb913f99b178a20d096
SHA256

4803c3d41c47ecd13954a40c78cba44f104abd3b884804f43580f088bb5e7785
SHA512

8bbb384f1949adc3feacfcf2760b2846b7ad9e52767278d83310a001d492bd7a09b08aaed79e8a56d3586ee2a08a09824f654b2f5a6d9dd96f9f78efcb7296e8
SSDEEP

3072:MteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzm9qM:wq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_4803c3d41c47ecd13954a40c78cba44f104abd3b884804f43580f088bb5e7785
- Size
  
  188KB
- MD5
  
  d415ae4cc2bcc97ec5d58a2e994d95d9
- SHA1
  
  6ea2ccc3303429ea3ef9acb913f99b178a20d096
- SHA256
  
  4803c3d41c47ecd13954a40c78cba44f104abd3b884804f43580f088bb5e7785
- SHA512
  
  8bbb384f1949adc3feacfcf2760b2846b7ad9e52767278d83310a001d492bd7a09b08aaed79e8a56d3586ee2a08a09824f654b2f5a6d9dd96f9f78efcb7296e8
- SSDEEP
  
  3072:MteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzm9qM:wq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader