dridex | fc302036528970904d78cf35287189fae71a5523732ae08b8208ffe27940574d | Triage

Sharing

General

Target

JaffaCakes118_fc302036528970904d78cf35287189fae71a5523732ae08b8208ffe27940574d
Size

177KB
Sample

241224-mqldpsvngw
MD5

3297ae8e30004e3e6ae540c188603e15
SHA1

281ffdac92f5126d45e96033628ad73fb74d444a
SHA256

fc302036528970904d78cf35287189fae71a5523732ae08b8208ffe27940574d
SHA512

23e8361825fc960cc0ed16e1b097227323dc44a83ec248f2b4d092d141a0acdbd4701c5ff7719a6ece6bd3d3677bd6bd35abe9839e64e31b271564bee36556b4
SSDEEP

3072:5uCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:lzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_fc302036528970904d78cf35287189fae71a5523732ae08b8208ffe27940574d
- Size
  
  177KB
- MD5
  
  3297ae8e30004e3e6ae540c188603e15
- SHA1
  
  281ffdac92f5126d45e96033628ad73fb74d444a
- SHA256
  
  fc302036528970904d78cf35287189fae71a5523732ae08b8208ffe27940574d
- SHA512
  
  23e8361825fc960cc0ed16e1b097227323dc44a83ec248f2b4d092d141a0acdbd4701c5ff7719a6ece6bd3d3677bd6bd35abe9839e64e31b271564bee36556b4
- SSDEEP
  
  3072:5uCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:lzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader