dridex | c777fbb63a1fd210bea380f85d322b985df109ca50439438cfc5754bd83d54ec | Triage

Sharing

General

Target

JaffaCakes118_c777fbb63a1fd210bea380f85d322b985df109ca50439438cfc5754bd83d54ec
Size

188KB
Sample

241224-dw319s1jdw
MD5

d88c4c4cfcb727676d872161ce95f134
SHA1

ae7f47a9b8b907c2e672fc183b7d2162e0daafe5
SHA256

c777fbb63a1fd210bea380f85d322b985df109ca50439438cfc5754bd83d54ec
SHA512

853e0c9565856260a818ca502cbc652e51ff468a77f724b14476e62b29c74418a609bf839ad2a7e7b3624521615b74203afb6695300c290c100688f3d9ddc5da
SSDEEP

3072:MteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:wq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_c777fbb63a1fd210bea380f85d322b985df109ca50439438cfc5754bd83d54ec
- Size
  
  188KB
- MD5
  
  d88c4c4cfcb727676d872161ce95f134
- SHA1
  
  ae7f47a9b8b907c2e672fc183b7d2162e0daafe5
- SHA256
  
  c777fbb63a1fd210bea380f85d322b985df109ca50439438cfc5754bd83d54ec
- SHA512
  
  853e0c9565856260a818ca502cbc652e51ff468a77f724b14476e62b29c74418a609bf839ad2a7e7b3624521615b74203afb6695300c290c100688f3d9ddc5da
- SSDEEP
  
  3072:MteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzy9qM:wq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader