dridex | e67916b19b797c7b41f1b6facfb5e032191c0f69dd067e2db8bc090ab7f0a57f | Triage

Sharing

General

Target

JaffaCakes118_e67916b19b797c7b41f1b6facfb5e032191c0f69dd067e2db8bc090ab7f0a57f
Size

163KB
Sample

241224-l416msvjht
MD5

50993a71fc0d4ec62b217b58dc32d875
SHA1

b1f8948020254b647cca73c33b6914eee7908dbb
SHA256

e67916b19b797c7b41f1b6facfb5e032191c0f69dd067e2db8bc090ab7f0a57f
SHA512

e0f59a4401296ac527bef6e75f78252c1b1b27556db570143ddac3785851458811d48e939d1826efa50a7e6db10ffc33b432de979240bf2317c627ade9250cfb
SSDEEP

3072:Rar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:rs4p+ADxnSO6D2cOp

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_e67916b19b797c7b41f1b6facfb5e032191c0f69dd067e2db8bc090ab7f0a57f
- Size
  
  163KB
- MD5
  
  50993a71fc0d4ec62b217b58dc32d875
- SHA1
  
  b1f8948020254b647cca73c33b6914eee7908dbb
- SHA256
  
  e67916b19b797c7b41f1b6facfb5e032191c0f69dd067e2db8bc090ab7f0a57f
- SHA512
  
  e0f59a4401296ac527bef6e75f78252c1b1b27556db570143ddac3785851458811d48e939d1826efa50a7e6db10ffc33b432de979240bf2317c627ade9250cfb
- SSDEEP
  
  3072:Rar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:rs4p+ADxnSO6D2cOp
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader