dridex | 48a10ee5e0d05eef9536f4c265a745c3beb22382faf42e5e24ebcb3e332bd1bd | Triage

Sharing

General

Target

JaffaCakes118_48a10ee5e0d05eef9536f4c265a745c3beb22382faf42e5e24ebcb3e332bd1bd
Size

177KB
Sample

241224-nh81gawpep
MD5

f18e8355ec6fb4b9acec347a54cbea60
SHA1

aa49b5f81926187926ba6b60c8203e8f28e17bf8
SHA256

48a10ee5e0d05eef9536f4c265a745c3beb22382faf42e5e24ebcb3e332bd1bd
SHA512

2d0165f56c15193fce53acb04bdb4e3042f54738fb233a740371b141632ff9f0112e2e38fb33550674fee82ae06c2e415a435f9ff282313c11e3923c84393cd8
SSDEEP

3072:guCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:MzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_48a10ee5e0d05eef9536f4c265a745c3beb22382faf42e5e24ebcb3e332bd1bd
- Size
  
  177KB
- MD5
  
  f18e8355ec6fb4b9acec347a54cbea60
- SHA1
  
  aa49b5f81926187926ba6b60c8203e8f28e17bf8
- SHA256
  
  48a10ee5e0d05eef9536f4c265a745c3beb22382faf42e5e24ebcb3e332bd1bd
- SHA512
  
  2d0165f56c15193fce53acb04bdb4e3042f54738fb233a740371b141632ff9f0112e2e38fb33550674fee82ae06c2e415a435f9ff282313c11e3923c84393cd8
- SSDEEP
  
  3072:guCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:MzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader