dridex | 6b626d4db7cbe77ca83dbdbeb118df25ea4074f9de5b42feccd9b7e273320fe3 | Triage

Sharing

General

Target

JaffaCakes118_6b626d4db7cbe77ca83dbdbeb118df25ea4074f9de5b42feccd9b7e273320fe3
Size

170KB
Sample

241224-bh3ggaxnhn
MD5

f396593f762c776217e3ac00ad8c0b88
SHA1

e822e5de6ac2b3d12edb60e00638e459f1371130
SHA256

6b626d4db7cbe77ca83dbdbeb118df25ea4074f9de5b42feccd9b7e273320fe3
SHA512

daba64d9aa06ec52600e8b983b837bbeaf380b63d7cbed009565c7e5f051cc3c39e99c9e058b0631a5b4d4a7c9be238487c18d3c47a13c9cabc7b244d561f948
SSDEEP

3072:EV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:EV/jTe38LiI4Oi75izyn+4lm

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_6b626d4db7cbe77ca83dbdbeb118df25ea4074f9de5b42feccd9b7e273320fe3
- Size
  
  170KB
- MD5
  
  f396593f762c776217e3ac00ad8c0b88
- SHA1
  
  e822e5de6ac2b3d12edb60e00638e459f1371130
- SHA256
  
  6b626d4db7cbe77ca83dbdbeb118df25ea4074f9de5b42feccd9b7e273320fe3
- SHA512
  
  daba64d9aa06ec52600e8b983b837bbeaf380b63d7cbed009565c7e5f051cc3c39e99c9e058b0631a5b4d4a7c9be238487c18d3c47a13c9cabc7b244d561f948
- SSDEEP
  
  3072:EV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:EV/jTe38LiI4Oi75izyn+4lm
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader