dridex | 2388a147da9fbb9dc4493284a0208fddc328a1a0aae0f5179a82e7831948f215 | Triage

Sharing

General

Target

JaffaCakes118_2388a147da9fbb9dc4493284a0208fddc328a1a0aae0f5179a82e7831948f215
Size

163KB
Sample

241224-k4pxyatlct
MD5

633c5a98354a8680536c84d8d6fc7cc7
SHA1

f7e104121cf720e57afb5228b057b5a5af0cb42d
SHA256

2388a147da9fbb9dc4493284a0208fddc328a1a0aae0f5179a82e7831948f215
SHA512

932b8f076994d86e2b13076f9515663a095f8541eab2c9f7f0e5abdd8c717b2d9c360225645e5a7affb588a34157c6f20f90c7d22e0e8e9b7de316a2a952b9a3
SSDEEP

3072:19F/oNrQb4xVubbXP/NTccbsFvCeLmXH57V30e8Pj:19F6rQXvFczvYpQP

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_2388a147da9fbb9dc4493284a0208fddc328a1a0aae0f5179a82e7831948f215
- Size
  
  163KB
- MD5
  
  633c5a98354a8680536c84d8d6fc7cc7
- SHA1
  
  f7e104121cf720e57afb5228b057b5a5af0cb42d
- SHA256
  
  2388a147da9fbb9dc4493284a0208fddc328a1a0aae0f5179a82e7831948f215
- SHA512
  
  932b8f076994d86e2b13076f9515663a095f8541eab2c9f7f0e5abdd8c717b2d9c360225645e5a7affb588a34157c6f20f90c7d22e0e8e9b7de316a2a952b9a3
- SSDEEP
  
  3072:19F/oNrQb4xVubbXP/NTccbsFvCeLmXH57V30e8Pj:19F6rQXvFczvYpQP
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader