dridex | 20a5de825f87f1f5f841febf8e22d9fab0d9b3703f1975b940a9b14e572c00e4 | Triage

Sharing

General

Target

JaffaCakes118_20a5de825f87f1f5f841febf8e22d9fab0d9b3703f1975b940a9b14e572c00e4
Size

188KB
Sample

241224-a56xqswrfs
MD5

abbda0e3fbb4a9d4927c7cb11eadb4e2
SHA1

66f2c7c69350dfe0ba136bd9bcbbcc5812fbf470
SHA256

20a5de825f87f1f5f841febf8e22d9fab0d9b3703f1975b940a9b14e572c00e4
SHA512

8c88d26f35b6a676ee68e566051e7a3848668b7e3db55b7a9fc1d698e6d0ed1f70537df7cefd0a8727aac3a608aa007f6b986e0764af96462f4559c7c0400162
SSDEEP

3072:PteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIze9qM:Xq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_20a5de825f87f1f5f841febf8e22d9fab0d9b3703f1975b940a9b14e572c00e4
- Size
  
  188KB
- MD5
  
  abbda0e3fbb4a9d4927c7cb11eadb4e2
- SHA1
  
  66f2c7c69350dfe0ba136bd9bcbbcc5812fbf470
- SHA256
  
  20a5de825f87f1f5f841febf8e22d9fab0d9b3703f1975b940a9b14e572c00e4
- SHA512
  
  8c88d26f35b6a676ee68e566051e7a3848668b7e3db55b7a9fc1d698e6d0ed1f70537df7cefd0a8727aac3a608aa007f6b986e0764af96462f4559c7c0400162
- SSDEEP
  
  3072:PteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIze9qM:Xq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader