dridex | 5cbf0f316f62cbcdf3e8031621abe51cdfac7111cf5b2dc7f19de78b73dac811 | Triage

Sharing

General

Target

JaffaCakes118_5cbf0f316f62cbcdf3e8031621abe51cdfac7111cf5b2dc7f19de78b73dac811
Size

188KB
Sample

241224-cj2f8syqbk
MD5

a783f5f9856f4cfa3531843a53943666
SHA1

3302747741f30606ad0279a1dcd48e4ea8d9f4fc
SHA256

5cbf0f316f62cbcdf3e8031621abe51cdfac7111cf5b2dc7f19de78b73dac811
SHA512

ce28ece8d81b2b2ea71a72f82b9038a4419bdf26048583bc332a9d5763a9975ecbfc7a9b5b8cfe8816e797f3be082c5d49b339535a451e25f42f61f90fe1ca66
SSDEEP

3072:TteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzY9qM:bq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5cbf0f316f62cbcdf3e8031621abe51cdfac7111cf5b2dc7f19de78b73dac811
- Size
  
  188KB
- MD5
  
  a783f5f9856f4cfa3531843a53943666
- SHA1
  
  3302747741f30606ad0279a1dcd48e4ea8d9f4fc
- SHA256
  
  5cbf0f316f62cbcdf3e8031621abe51cdfac7111cf5b2dc7f19de78b73dac811
- SHA512
  
  ce28ece8d81b2b2ea71a72f82b9038a4419bdf26048583bc332a9d5763a9975ecbfc7a9b5b8cfe8816e797f3be082c5d49b339535a451e25f42f61f90fe1ca66
- SSDEEP
  
  3072:TteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzY9qM:bq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader