dridex | 0fcb740a9f91801dd1570429b7be307be5fae3d0cca23e63618570975df2eb24 | Triage

Sharing

General

Target

JaffaCakes118_0fcb740a9f91801dd1570429b7be307be5fae3d0cca23e63618570975df2eb24
Size

188KB
Sample

241223-zhay8a1jat
MD5

a6bb2b61f8dc2800f38c163fec124412
SHA1

d283e5770777cdc5a7fbb9c8c234b17a8c53ca89
SHA256

0fcb740a9f91801dd1570429b7be307be5fae3d0cca23e63618570975df2eb24
SHA512

4aea7bbf8e3d9adad210a593675c89ea8055b186863cad7181e20b49d598f89316601c123e75569fd5b6327ff2b12e37f1fe6fc864750e4f84a11984320795fc
SSDEEP

3072:SteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:aq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_0fcb740a9f91801dd1570429b7be307be5fae3d0cca23e63618570975df2eb24
- Size
  
  188KB
- MD5
  
  a6bb2b61f8dc2800f38c163fec124412
- SHA1
  
  d283e5770777cdc5a7fbb9c8c234b17a8c53ca89
- SHA256
  
  0fcb740a9f91801dd1570429b7be307be5fae3d0cca23e63618570975df2eb24
- SHA512
  
  4aea7bbf8e3d9adad210a593675c89ea8055b186863cad7181e20b49d598f89316601c123e75569fd5b6327ff2b12e37f1fe6fc864750e4f84a11984320795fc
- SSDEEP
  
  3072:SteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:aq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader