dridex | 51e1f95513d1f05282b33c3430b40cd75840288f2792fce8a7abd1c558035985 | Triage

Sharing

General

Target

JaffaCakes118_51e1f95513d1f05282b33c3430b40cd75840288f2792fce8a7abd1c558035985
Size

188KB
Sample

241224-ldr52stpbn
MD5

af1fd19efbf56fb517679fd1edd08721
SHA1

684d4cf9e891a2c5e0a2c011e8c58a911d860dbb
SHA256

51e1f95513d1f05282b33c3430b40cd75840288f2792fce8a7abd1c558035985
SHA512

39d5ed0a6cb2587e8171a4e2c7d3bd8318e2bd07e734a4d6b94f84248c164e7b1544511a650da12101416bc191c8c5b0a45336c68155fe6c8de978c6a563bbf1
SSDEEP

3072:wteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz09qM:kq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_51e1f95513d1f05282b33c3430b40cd75840288f2792fce8a7abd1c558035985
- Size
  
  188KB
- MD5
  
  af1fd19efbf56fb517679fd1edd08721
- SHA1
  
  684d4cf9e891a2c5e0a2c011e8c58a911d860dbb
- SHA256
  
  51e1f95513d1f05282b33c3430b40cd75840288f2792fce8a7abd1c558035985
- SHA512
  
  39d5ed0a6cb2587e8171a4e2c7d3bd8318e2bd07e734a4d6b94f84248c164e7b1544511a650da12101416bc191c8c5b0a45336c68155fe6c8de978c6a563bbf1
- SSDEEP
  
  3072:wteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz09qM:kq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader