dridex | 9db5226e0ec1e7bc9300a8c109a4bc8b4206a791105da0f75304f595f487cba5 | Triage

Sharing

General

Target

JaffaCakes118_9db5226e0ec1e7bc9300a8c109a4bc8b4206a791105da0f75304f595f487cba5
Size

177KB
Sample

241224-mtxk5svpgw
MD5

37db18c4c73f505fc38db2c9fa635fd9
SHA1

dba465814e9ffa1c301f6b2daa2c13add7ac1bf7
SHA256

9db5226e0ec1e7bc9300a8c109a4bc8b4206a791105da0f75304f595f487cba5
SHA512

c4df19fcdb03bf860e209af0c8ac144d321257aeadf10924cf853c48767050ef27331c71e55578518d5c4e05f40e7e8b049fa8882033f5943754cec7b3c03b15
SSDEEP

3072:HuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:DzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_9db5226e0ec1e7bc9300a8c109a4bc8b4206a791105da0f75304f595f487cba5
- Size
  
  177KB
- MD5
  
  37db18c4c73f505fc38db2c9fa635fd9
- SHA1
  
  dba465814e9ffa1c301f6b2daa2c13add7ac1bf7
- SHA256
  
  9db5226e0ec1e7bc9300a8c109a4bc8b4206a791105da0f75304f595f487cba5
- SHA512
  
  c4df19fcdb03bf860e209af0c8ac144d321257aeadf10924cf853c48767050ef27331c71e55578518d5c4e05f40e7e8b049fa8882033f5943754cec7b3c03b15
- SSDEEP
  
  3072:HuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:DzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader