dridex | 0b8cc61782330997fa6e033d34185039e9bf82796ec42ce2a37dfdad6854b321 | Triage

Sharing

General

Target

JaffaCakes118_0b8cc61782330997fa6e033d34185039e9bf82796ec42ce2a37dfdad6854b321
Size

188KB
Sample

241224-cz4ljazjat
MD5

803e800e862116bd8bb98fb3bfdbbb4c
SHA1

b11a9452a1143f8819155edbeaf53bf9e45ac339
SHA256

0b8cc61782330997fa6e033d34185039e9bf82796ec42ce2a37dfdad6854b321
SHA512

fc29eb49106651f814d08e5bfdc30385a0147d60100530f7ec009329ac5a47e7ff5b9b8f77847c364f8353e860a36eb2a4e333cacbead2b7271bb5a425814374
SSDEEP

3072:NteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzc9qM:5q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_0b8cc61782330997fa6e033d34185039e9bf82796ec42ce2a37dfdad6854b321
- Size
  
  188KB
- MD5
  
  803e800e862116bd8bb98fb3bfdbbb4c
- SHA1
  
  b11a9452a1143f8819155edbeaf53bf9e45ac339
- SHA256
  
  0b8cc61782330997fa6e033d34185039e9bf82796ec42ce2a37dfdad6854b321
- SHA512
  
  fc29eb49106651f814d08e5bfdc30385a0147d60100530f7ec009329ac5a47e7ff5b9b8f77847c364f8353e860a36eb2a4e333cacbead2b7271bb5a425814374
- SSDEEP
  
  3072:NteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzc9qM:5q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader