dridex | 4a62bcc1d34a3e75a078062f9d2a13f9959af515b1cb19fb8594e28cc6c5fc31 | Triage

Sharing

General

Target

JaffaCakes118_4a62bcc1d34a3e75a078062f9d2a13f9959af515b1cb19fb8594e28cc6c5fc31
Size

162KB
Sample

241224-m7hn5swmdj
MD5

7fec18eed6ebc8b2097ec9dca312cb40
SHA1

e84325cc7d546eab19f6b1f77ca27cbb2b3e6026
SHA256

4a62bcc1d34a3e75a078062f9d2a13f9959af515b1cb19fb8594e28cc6c5fc31
SHA512

c70fa7b0b5be5cc2d3f4b8455b36d30327c813ff66ce82904cb53675559bed25c06fd1747b6cc8ba706bbd005da4a254788710008b84fb9c55edd5d32678eb98
SSDEEP

3072:kesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLJL:e4+VZQpt5hyPsa1ekiEyL

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

203.114.109.124:443

82.165.145.100:6601

94.177.255.18:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_4a62bcc1d34a3e75a078062f9d2a13f9959af515b1cb19fb8594e28cc6c5fc31
- Size
  
  162KB
- MD5
  
  7fec18eed6ebc8b2097ec9dca312cb40
- SHA1
  
  e84325cc7d546eab19f6b1f77ca27cbb2b3e6026
- SHA256
  
  4a62bcc1d34a3e75a078062f9d2a13f9959af515b1cb19fb8594e28cc6c5fc31
- SHA512
  
  c70fa7b0b5be5cc2d3f4b8455b36d30327c813ff66ce82904cb53675559bed25c06fd1747b6cc8ba706bbd005da4a254788710008b84fb9c55edd5d32678eb98
- SSDEEP
  
  3072:kesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLJL:e4+VZQpt5hyPsa1ekiEyL
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader