dridex | 3c20c9a6a0a8b68be0ef09d451cf5a41d9ace5f203b776f127a233ea8167147e | Triage

Sharing

General

Target

JaffaCakes118_3c20c9a6a0a8b68be0ef09d451cf5a41d9ace5f203b776f127a233ea8167147e
Size

188KB
Sample

241224-lcjghstmg1
MD5

ec6032062f93cf78b914b38e1d6448bd
SHA1

d3f1ec477db0958188e81977cfd21d24d48ea072
SHA256

3c20c9a6a0a8b68be0ef09d451cf5a41d9ace5f203b776f127a233ea8167147e
SHA512

730a8848dc84ddf984ac78e990ece028e5b8cf0f85ee6e9698f077cc82841526d031ccde0218619e3e6250d104281a12e31c9f75741e9d7d14393226fd0ad4ed
SSDEEP

3072:xteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzA9qM:dq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_3c20c9a6a0a8b68be0ef09d451cf5a41d9ace5f203b776f127a233ea8167147e
- Size
  
  188KB
- MD5
  
  ec6032062f93cf78b914b38e1d6448bd
- SHA1
  
  d3f1ec477db0958188e81977cfd21d24d48ea072
- SHA256
  
  3c20c9a6a0a8b68be0ef09d451cf5a41d9ace5f203b776f127a233ea8167147e
- SHA512
  
  730a8848dc84ddf984ac78e990ece028e5b8cf0f85ee6e9698f077cc82841526d031ccde0218619e3e6250d104281a12e31c9f75741e9d7d14393226fd0ad4ed
- SSDEEP
  
  3072:xteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzA9qM:dq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader