dridex | bdbaa1661be65c3165d07101745b7e41d6e84f13c5db8936931cf9124a779dab | Triage

Sharing

General

Target

JaffaCakes118_bdbaa1661be65c3165d07101745b7e41d6e84f13c5db8936931cf9124a779dab
Size

188KB
Sample

241224-b5k6psyldk
MD5

e2d05972fc851f82c8739e1ecf88e18a
SHA1

09ab510eba441466bf5272d141da03e7f759c2ee
SHA256

bdbaa1661be65c3165d07101745b7e41d6e84f13c5db8936931cf9124a779dab
SHA512

e84ef0a2523461b9ff848ca13c7a42dcfb4544e8637246b47f1bbaf112b76b388228292b3741c37d11894e9840fffce1fd65c96e21ea978e1ca23142d4b1c651
SSDEEP

3072:cteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzQ9qM:gq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_bdbaa1661be65c3165d07101745b7e41d6e84f13c5db8936931cf9124a779dab
- Size
  
  188KB
- MD5
  
  e2d05972fc851f82c8739e1ecf88e18a
- SHA1
  
  09ab510eba441466bf5272d141da03e7f759c2ee
- SHA256
  
  bdbaa1661be65c3165d07101745b7e41d6e84f13c5db8936931cf9124a779dab
- SHA512
  
  e84ef0a2523461b9ff848ca13c7a42dcfb4544e8637246b47f1bbaf112b76b388228292b3741c37d11894e9840fffce1fd65c96e21ea978e1ca23142d4b1c651
- SSDEEP
  
  3072:cteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzQ9qM:gq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader