dridex | db1817fddbf4cd2cf57004c9fa571d303f9eb9662864ec030bbdcb1e319e7e41 | Triage

Sharing

General

Target

JaffaCakes118_db1817fddbf4cd2cf57004c9fa571d303f9eb9662864ec030bbdcb1e319e7e41
Size

184KB
Sample

241223-zzg4vs1pek
MD5

b376b8186f8efceddf19bd43804ccaa0
SHA1

fd6201352453fb696ecc3f9c1e95bbf9f6581b8a
SHA256

db1817fddbf4cd2cf57004c9fa571d303f9eb9662864ec030bbdcb1e319e7e41
SHA512

7fec758cfb817d1510c516e5a2133d9cbf0f194a8a4ca559a05fdfd23d16aa3c41a396eff020b1bf765692394702e485de054e7a04bb33e5e1d0568c9f6e66e9
SSDEEP

3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoblzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eaohoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_db1817fddbf4cd2cf57004c9fa571d303f9eb9662864ec030bbdcb1e319e7e41
- Size
  
  184KB
- MD5
  
  b376b8186f8efceddf19bd43804ccaa0
- SHA1
  
  fd6201352453fb696ecc3f9c1e95bbf9f6581b8a
- SHA256
  
  db1817fddbf4cd2cf57004c9fa571d303f9eb9662864ec030bbdcb1e319e7e41
- SHA512
  
  7fec758cfb817d1510c516e5a2133d9cbf0f194a8a4ca559a05fdfd23d16aa3c41a396eff020b1bf765692394702e485de054e7a04bb33e5e1d0568c9f6e66e9
- SSDEEP
  
  3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoblzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eaohoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader