dridex | b2c6dc9dd7cd32707b8661cc58ece90ede6e7f4b1820d6d8f65fa94dd0e66805 | Triage

Sharing

General

Target

JaffaCakes118_b2c6dc9dd7cd32707b8661cc58ece90ede6e7f4b1820d6d8f65fa94dd0e66805
Size

184KB
Sample

241224-sdkvasznbs
MD5

3ec163086ab9f18a8dcd12e5a34a8d83
SHA1

78685aa778a0093d78f6236f4033639ba14d4526
SHA256

b2c6dc9dd7cd32707b8661cc58ece90ede6e7f4b1820d6d8f65fa94dd0e66805
SHA512

d02f0d71ae27d5f68ff77cfb95569a74bcbaa6b0b68693d42766da8d8ea567d816cf350cb9d4f2b8590b9baca8260a944c6efe318b9ee980ff6d99313f8f64c2
SSDEEP

3072:RiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eao8lzoxss7:RiLVCIT4WK2z1W+CUHZj4Skq/eaoCoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_b2c6dc9dd7cd32707b8661cc58ece90ede6e7f4b1820d6d8f65fa94dd0e66805
- Size
  
  184KB
- MD5
  
  3ec163086ab9f18a8dcd12e5a34a8d83
- SHA1
  
  78685aa778a0093d78f6236f4033639ba14d4526
- SHA256
  
  b2c6dc9dd7cd32707b8661cc58ece90ede6e7f4b1820d6d8f65fa94dd0e66805
- SHA512
  
  d02f0d71ae27d5f68ff77cfb95569a74bcbaa6b0b68693d42766da8d8ea567d816cf350cb9d4f2b8590b9baca8260a944c6efe318b9ee980ff6d99313f8f64c2
- SSDEEP
  
  3072:RiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eao8lzoxss7:RiLVCIT4WK2z1W+CUHZj4Skq/eaoCoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader