dridex | 3ecc6db17a065b40c6bcf1054a1719fc8a717e1becce18754856ca706841d8f9 | Triage

Sharing

General

Target

JaffaCakes118_3ecc6db17a065b40c6bcf1054a1719fc8a717e1becce18754856ca706841d8f9
Size

184KB
Sample

241224-t2qk5a1qd1
MD5

252e77b7f1e5128036d274a58ebb63cf
SHA1

54d6ebd17877de4dcb43b01dd841c0d2c1689439
SHA256

3ecc6db17a065b40c6bcf1054a1719fc8a717e1becce18754856ca706841d8f9
SHA512

922baa2763446add31dd3e23d1926c417117031f46c2fe7158d31900ac2fb46b3a0457bcaa08aa0fe4ef374754544e8a78da66a6e56a09b0fc8acaae3fcd3c78
SSDEEP

3072:yuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KLlmsb:s7TXYsd9SkONU1jKGlwlm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_3ecc6db17a065b40c6bcf1054a1719fc8a717e1becce18754856ca706841d8f9
- Size
  
  184KB
- MD5
  
  252e77b7f1e5128036d274a58ebb63cf
- SHA1
  
  54d6ebd17877de4dcb43b01dd841c0d2c1689439
- SHA256
  
  3ecc6db17a065b40c6bcf1054a1719fc8a717e1becce18754856ca706841d8f9
- SHA512
  
  922baa2763446add31dd3e23d1926c417117031f46c2fe7158d31900ac2fb46b3a0457bcaa08aa0fe4ef374754544e8a78da66a6e56a09b0fc8acaae3fcd3c78
- SSDEEP
  
  3072:yuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KLlmsb:s7TXYsd9SkONU1jKGlwlm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader