dridex | 95efea604b9a2c15e9019692e40f9ccd044dbb37b4dec1c1b41373c6368cc4ae | Triage

Sharing

General

Target

JaffaCakes118_95efea604b9a2c15e9019692e40f9ccd044dbb37b4dec1c1b41373c6368cc4ae
Size

184KB
Sample

241224-c8tspazpbq
MD5

2857cbc1bd1a73af3df916cd14f833e9
SHA1

f35b3fb0bd3449eb684d2edf0aafdfee56ce8181
SHA256

95efea604b9a2c15e9019692e40f9ccd044dbb37b4dec1c1b41373c6368cc4ae
SHA512

a58627429a0b4928b1537e43587f06031bcfde2b7c51cdc5d954dc2e0822c2585312c9a701cdaf2f71e74560f60ea8dd1ec4b8a34f66ff385c0ea55e67cd89dc
SSDEEP

3072:5gkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg2dA4l:gPFkq6zOe5ilSanOZd

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_95efea604b9a2c15e9019692e40f9ccd044dbb37b4dec1c1b41373c6368cc4ae
- Size
  
  184KB
- MD5
  
  2857cbc1bd1a73af3df916cd14f833e9
- SHA1
  
  f35b3fb0bd3449eb684d2edf0aafdfee56ce8181
- SHA256
  
  95efea604b9a2c15e9019692e40f9ccd044dbb37b4dec1c1b41373c6368cc4ae
- SHA512
  
  a58627429a0b4928b1537e43587f06031bcfde2b7c51cdc5d954dc2e0822c2585312c9a701cdaf2f71e74560f60ea8dd1ec4b8a34f66ff385c0ea55e67cd89dc
- SSDEEP
  
  3072:5gkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg2dA4l:gPFkq6zOe5ilSanOZd
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader