dridex | 6baac331f8ecf91c2c650095879be2aeaa8e366fb11dda08d1c331ed0b7bf551 | Triage

Sharing

General

Target

JaffaCakes118_6baac331f8ecf91c2c650095879be2aeaa8e366fb11dda08d1c331ed0b7bf551
Size

188KB
Sample

241224-c19h6szleq
MD5

36a3155d38e88b9e23b8cf4b22ce47e4
SHA1

fbcb29845ba88f91ab6cc84b6ed5f60b912ee0b8
SHA256

6baac331f8ecf91c2c650095879be2aeaa8e366fb11dda08d1c331ed0b7bf551
SHA512

9f7eff45048c110ade1413c250ee5e9b7668f968091e2445fef0d99722f32ccea25bb127a59734576560c60c981ffe8077ccc671286449747cdb1030fc6fe406
SSDEEP

3072:PteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:Xq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_6baac331f8ecf91c2c650095879be2aeaa8e366fb11dda08d1c331ed0b7bf551
- Size
  
  188KB
- MD5
  
  36a3155d38e88b9e23b8cf4b22ce47e4
- SHA1
  
  fbcb29845ba88f91ab6cc84b6ed5f60b912ee0b8
- SHA256
  
  6baac331f8ecf91c2c650095879be2aeaa8e366fb11dda08d1c331ed0b7bf551
- SHA512
  
  9f7eff45048c110ade1413c250ee5e9b7668f968091e2445fef0d99722f32ccea25bb127a59734576560c60c981ffe8077ccc671286449747cdb1030fc6fe406
- SSDEEP
  
  3072:PteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:Xq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader