dridex | d4054a6b559656498fce0bb4cb0d50ecc8a25534c428c9572bf48e72364a30b4 | Triage

Sharing

General

Target

JaffaCakes118_d4054a6b559656498fce0bb4cb0d50ecc8a25534c428c9572bf48e72364a30b4
Size

188KB
Sample

241223-zjmz6s1jd1
MD5

d5c9a959ed65ccee6815e72755e48d8d
SHA1

68acd65b2a792e9d8d5d0513b82ccbb9d161bb40
SHA256

d4054a6b559656498fce0bb4cb0d50ecc8a25534c428c9572bf48e72364a30b4
SHA512

8eb050169d74669db7ba108002e9ee69840870026dd5bfa1ecff6a0401bd7b8fc98790df605874aaaabc14cbf4c6d8f17cc6a8cc5a4fddb171e5aaaa9a5c37a8
SSDEEP

3072:hteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzg9qM:tq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_d4054a6b559656498fce0bb4cb0d50ecc8a25534c428c9572bf48e72364a30b4
- Size
  
  188KB
- MD5
  
  d5c9a959ed65ccee6815e72755e48d8d
- SHA1
  
  68acd65b2a792e9d8d5d0513b82ccbb9d161bb40
- SHA256
  
  d4054a6b559656498fce0bb4cb0d50ecc8a25534c428c9572bf48e72364a30b4
- SHA512
  
  8eb050169d74669db7ba108002e9ee69840870026dd5bfa1ecff6a0401bd7b8fc98790df605874aaaabc14cbf4c6d8f17cc6a8cc5a4fddb171e5aaaa9a5c37a8
- SSDEEP
  
  3072:hteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzg9qM:tq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader