dridex | 852bdcd27fbdf2666020622a5218a446904114b62c2c3b9087d0788fef2d8596 | Triage

Sharing

General

Target

JaffaCakes118_852bdcd27fbdf2666020622a5218a446904114b62c2c3b9087d0788fef2d8596
Size

188KB
Sample

241224-le2e4stpdr
MD5

a63500adce5189f773f66f4f6c97f5b1
SHA1

35258b93c839a3c80c31c264c82451046e29ea30
SHA256

852bdcd27fbdf2666020622a5218a446904114b62c2c3b9087d0788fef2d8596
SHA512

fded1f00692ac40c113d002ffd2d711aebcf032e3f3f7e45bfc82d40ae0eb61c411e7fba56e03e855261c75a9e9c3e652fe8b0d5abdd1d3f981f18388ee3cf40
SSDEEP

3072:tteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzl9qM:Zq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_852bdcd27fbdf2666020622a5218a446904114b62c2c3b9087d0788fef2d8596
- Size
  
  188KB
- MD5
  
  a63500adce5189f773f66f4f6c97f5b1
- SHA1
  
  35258b93c839a3c80c31c264c82451046e29ea30
- SHA256
  
  852bdcd27fbdf2666020622a5218a446904114b62c2c3b9087d0788fef2d8596
- SHA512
  
  fded1f00692ac40c113d002ffd2d711aebcf032e3f3f7e45bfc82d40ae0eb61c411e7fba56e03e855261c75a9e9c3e652fe8b0d5abdd1d3f981f18388ee3cf40
- SSDEEP
  
  3072:tteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzl9qM:Zq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader