dridex | b571da133e0898dceaf0a9583b6168fd12aaa87687f68fc77a9e33efc483358b | Triage

Sharing

General

Target

JaffaCakes118_b571da133e0898dceaf0a9583b6168fd12aaa87687f68fc77a9e33efc483358b
Size

188KB
Sample

241224-ax7t3awpdz
MD5

052e2a9f431a1a871187af5d1ca1d512
SHA1

0fd3d8b53afc73bf881b89aa3014356fcebdb29c
SHA256

b571da133e0898dceaf0a9583b6168fd12aaa87687f68fc77a9e33efc483358b
SHA512

c2770e0b8ad2a093050222d16076f6bf49a18b78ebe59f091cb554c7ea4c21776f670b59bfd749cf1221fe22810a3d1616667eef4dfb4e43198d7997357c3c31
SSDEEP

3072:DteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzv9qM:rq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_b571da133e0898dceaf0a9583b6168fd12aaa87687f68fc77a9e33efc483358b
- Size
  
  188KB
- MD5
  
  052e2a9f431a1a871187af5d1ca1d512
- SHA1
  
  0fd3d8b53afc73bf881b89aa3014356fcebdb29c
- SHA256
  
  b571da133e0898dceaf0a9583b6168fd12aaa87687f68fc77a9e33efc483358b
- SHA512
  
  c2770e0b8ad2a093050222d16076f6bf49a18b78ebe59f091cb554c7ea4c21776f670b59bfd749cf1221fe22810a3d1616667eef4dfb4e43198d7997357c3c31
- SSDEEP
  
  3072:DteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzv9qM:rq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader