dridex | 4b197a91288d69d0d712c3bcbbe7ebd636524cca68f68ab563f6eeed218bdde1 | Triage

Sharing

General

Target

JaffaCakes118_4b197a91288d69d0d712c3bcbbe7ebd636524cca68f68ab563f6eeed218bdde1
Size

184KB
Sample

241224-bkylasxmet
MD5

a4c9d2cf1afb3bda9545dd6e188c9e86
SHA1

541c777b745db9bd11c36682f95686c9d0e250bd
SHA256

4b197a91288d69d0d712c3bcbbe7ebd636524cca68f68ab563f6eeed218bdde1
SHA512

83bbe604a845288f6f47dcf4c0af0c73f80399e24b1653e2e0bce082e9f717443c584584d19cd9ee498c6e5567dd5f10c9a1c43f48b3e4c6916a6e971e7be1e1
SSDEEP

3072:zuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KClmsb:B7TXYsd9SkONU1jKGl9lm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_4b197a91288d69d0d712c3bcbbe7ebd636524cca68f68ab563f6eeed218bdde1
- Size
  
  184KB
- MD5
  
  a4c9d2cf1afb3bda9545dd6e188c9e86
- SHA1
  
  541c777b745db9bd11c36682f95686c9d0e250bd
- SHA256
  
  4b197a91288d69d0d712c3bcbbe7ebd636524cca68f68ab563f6eeed218bdde1
- SHA512
  
  83bbe604a845288f6f47dcf4c0af0c73f80399e24b1653e2e0bce082e9f717443c584584d19cd9ee498c6e5567dd5f10c9a1c43f48b3e4c6916a6e971e7be1e1
- SSDEEP
  
  3072:zuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KClmsb:B7TXYsd9SkONU1jKGl9lm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader