dridex | ec126a40ced93a590e2dba336186743d088229c5ddc67092d3fe1b8c61f9477e | Triage

Sharing

General

Target

JaffaCakes118_ec126a40ced93a590e2dba336186743d088229c5ddc67092d3fe1b8c61f9477e
Size

188KB
Sample

241224-cxevdszkcr
MD5

e9d80fbb4aca7a9e415f8e755331a922
SHA1

c23ecd3b5d7c7e09079439e3e84d5a7047eb68ae
SHA256

ec126a40ced93a590e2dba336186743d088229c5ddc67092d3fe1b8c61f9477e
SHA512

da76781d9200ae1f2451a19b2d97fb1bf0386620d5d26f219575437d4a18e3a11323166998019ab413104b39aba8045f132a0c4dd56ccaf5a1aa440c2a39d6d4
SSDEEP

3072:SteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzk9qM:aq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_ec126a40ced93a590e2dba336186743d088229c5ddc67092d3fe1b8c61f9477e
- Size
  
  188KB
- MD5
  
  e9d80fbb4aca7a9e415f8e755331a922
- SHA1
  
  c23ecd3b5d7c7e09079439e3e84d5a7047eb68ae
- SHA256
  
  ec126a40ced93a590e2dba336186743d088229c5ddc67092d3fe1b8c61f9477e
- SHA512
  
  da76781d9200ae1f2451a19b2d97fb1bf0386620d5d26f219575437d4a18e3a11323166998019ab413104b39aba8045f132a0c4dd56ccaf5a1aa440c2a39d6d4
- SSDEEP
  
  3072:SteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzk9qM:aq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader