dridex | b8c34fd6e46f3a0c3e3af6e5d87bf7dcad011633b5d588f64e8da9f3afc98a22 | Triage

Sharing

General

Target

JaffaCakes118_b8c34fd6e46f3a0c3e3af6e5d87bf7dcad011633b5d588f64e8da9f3afc98a22
Size

184KB
Sample

241224-shylyszqhk
MD5

858cff0e73768b90bbadce183df84127
SHA1

1f16ffd945e0d9c57594a0be14c01aa2b0e811ec
SHA256

b8c34fd6e46f3a0c3e3af6e5d87bf7dcad011633b5d588f64e8da9f3afc98a22
SHA512

64c9f29fecdc0d3fa8ff38d11ba4d68eb562567aa6cd0bbaf731d8874d391e39351047b90f3eb50e033025a69ec8d4e66df313ffa1d506565551488c9dbf3360
SSDEEP

3072:RiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoNlzoxss7:RiLVCIT4WK2z1W+CUHZj4Skq/eaoDoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_b8c34fd6e46f3a0c3e3af6e5d87bf7dcad011633b5d588f64e8da9f3afc98a22
- Size
  
  184KB
- MD5
  
  858cff0e73768b90bbadce183df84127
- SHA1
  
  1f16ffd945e0d9c57594a0be14c01aa2b0e811ec
- SHA256
  
  b8c34fd6e46f3a0c3e3af6e5d87bf7dcad011633b5d588f64e8da9f3afc98a22
- SHA512
  
  64c9f29fecdc0d3fa8ff38d11ba4d68eb562567aa6cd0bbaf731d8874d391e39351047b90f3eb50e033025a69ec8d4e66df313ffa1d506565551488c9dbf3360
- SSDEEP
  
  3072:RiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoNlzoxss7:RiLVCIT4WK2z1W+CUHZj4Skq/eaoDoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader