dridex | f0d593fa395b849b66bf9abb4ea077386b509ecd80b0199132a657cb108b32e4 | Triage

Sharing

General

Target

JaffaCakes118_f0d593fa395b849b66bf9abb4ea077386b509ecd80b0199132a657cb108b32e4
Size

156KB
Sample

241224-avreaswqhk
MD5

2f5a54d016e07a44d33123c96d4a5384
SHA1

33a25a1b27121e3056a5877b81c9b1c9e90a08e0
SHA256

f0d593fa395b849b66bf9abb4ea077386b509ecd80b0199132a657cb108b32e4
SHA512

20d712053997cbffc180c84f33ec70603a558ad68eafe26a7ed13a3386fba164032bf0c663c9dc651c9e6ff0d6aa9d340b7d53a0c73d4c863307620b58885e9c
SSDEEP

3072:7yqDAKfnwLu67wJfAXzgAV12yo1DxbJ6rcKyMYK4f:RaiuwJ6zLV1/Sll5KM

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f0d593fa395b849b66bf9abb4ea077386b509ecd80b0199132a657cb108b32e4
- Size
  
  156KB
- MD5
  
  2f5a54d016e07a44d33123c96d4a5384
- SHA1
  
  33a25a1b27121e3056a5877b81c9b1c9e90a08e0
- SHA256
  
  f0d593fa395b849b66bf9abb4ea077386b509ecd80b0199132a657cb108b32e4
- SHA512
  
  20d712053997cbffc180c84f33ec70603a558ad68eafe26a7ed13a3386fba164032bf0c663c9dc651c9e6ff0d6aa9d340b7d53a0c73d4c863307620b58885e9c
- SSDEEP
  
  3072:7yqDAKfnwLu67wJfAXzgAV12yo1DxbJ6rcKyMYK4f:RaiuwJ6zLV1/Sll5KM
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader