dridex | 2e63adf6c602135839fa2edc83811c9543571bb26c7a8f683f36d8d698523650 | Triage

Sharing

General

Target

JaffaCakes118_2e63adf6c602135839fa2edc83811c9543571bb26c7a8f683f36d8d698523650
Size

188KB
Sample

241224-dpdsss1kbk
MD5

0e6f365b297d7f9ab5806ddd2c8a650d
SHA1

f967ef669e1f179755a48bc8cc3c64855c4e0ea4
SHA256

2e63adf6c602135839fa2edc83811c9543571bb26c7a8f683f36d8d698523650
SHA512

fb283555099fb4f6d677d6c9877ce90f21fc8055fda80dfaef0e114fde7e4ec0c16b371e7e7c22426831a35e7f52207b92b7dcf99b4ca77cb20fbf7015b613cf
SSDEEP

3072:nteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:/q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_2e63adf6c602135839fa2edc83811c9543571bb26c7a8f683f36d8d698523650
- Size
  
  188KB
- MD5
  
  0e6f365b297d7f9ab5806ddd2c8a650d
- SHA1
  
  f967ef669e1f179755a48bc8cc3c64855c4e0ea4
- SHA256
  
  2e63adf6c602135839fa2edc83811c9543571bb26c7a8f683f36d8d698523650
- SHA512
  
  fb283555099fb4f6d677d6c9877ce90f21fc8055fda80dfaef0e114fde7e4ec0c16b371e7e7c22426831a35e7f52207b92b7dcf99b4ca77cb20fbf7015b613cf
- SSDEEP
  
  3072:nteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:/q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader