dridex | 528fe3090f97e0d0b7d781a640fe6be753068812459b6e84195023ccb0de7263 | Triage

Sharing

General

Target

JaffaCakes118_528fe3090f97e0d0b7d781a640fe6be753068812459b6e84195023ccb0de7263
Size

184KB
Sample

241224-cqsgxaypez
MD5

599ec952d08668a92e49017017c04e63
SHA1

fcab470050136d5ce3bfe2a2cb7c7d54c1e908da
SHA256

528fe3090f97e0d0b7d781a640fe6be753068812459b6e84195023ccb0de7263
SHA512

ab77792f1e35beac43ed8914ccc7a906b7bd896d47618c091b1aaec212351aa2affbba26b76193cff791499058ccfc3c746659841d98d78e94044f63f99ec2d3
SSDEEP

3072:XgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg4dA4l:SPFkq6zOe5ilSanODd

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_528fe3090f97e0d0b7d781a640fe6be753068812459b6e84195023ccb0de7263
- Size
  
  184KB
- MD5
  
  599ec952d08668a92e49017017c04e63
- SHA1
  
  fcab470050136d5ce3bfe2a2cb7c7d54c1e908da
- SHA256
  
  528fe3090f97e0d0b7d781a640fe6be753068812459b6e84195023ccb0de7263
- SHA512
  
  ab77792f1e35beac43ed8914ccc7a906b7bd896d47618c091b1aaec212351aa2affbba26b76193cff791499058ccfc3c746659841d98d78e94044f63f99ec2d3
- SSDEEP
  
  3072:XgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg4dA4l:SPFkq6zOe5ilSanODd
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader