dridex | bee7050122d0f8521a11ee7f2e63c70007b217b7558a49629f7a6450a447b74a | Triage

Sharing

General

Target

JaffaCakes118_bee7050122d0f8521a11ee7f2e63c70007b217b7558a49629f7a6450a447b74a
Size

363KB
Sample

241224-y6qtxawqcr
MD5

8ec974694be7d747663620c9ebdf6357
SHA1

9b3facbff5ba5c2fd1ff1dd7cfd0979777c24ddf
SHA256

bee7050122d0f8521a11ee7f2e63c70007b217b7558a49629f7a6450a447b74a
SHA512

27760ac773ce0f339197ae1698477b97111cd3af513bec3442019b2709465cf5821b0309580ff472daa10ed06542a43cc39b27fff073fe33ece151754e911962
SSDEEP

6144:q8ga6iSKXXtvQde6lAbSVcKzfIAPNQHHbjovUmTrPKtjhREeE4Tp5iOaswXNEl:Mz7KXXhFccKk/bjrerPMv9NpRxl

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.62.205.130:443

45.90.108.123:13786

198.199.98.78:9217

rc4.plain

rc4.plain

Targets

- Target
  
  2_kbd101c.dll
- Size
  
  180KB
- MD5
  
  13607671c64e6859be1f83fb324344f9
- SHA1
  
  6ef50dbb7dff8dd9e860fd1c5b36a4f3df1c2863
- SHA256
  
  b8e4c68f8843fe8f2f12d5cc636c824a338ddaa24feee9e9e5e380169b07b231
- SHA512
  
  4f466b28d492ef583c2a35998eeaf8645b4afe50fc47aa93de6e8b5a504f420b4ba90e2c0be47469135031f43f79aeb3cbd7662eb5b096385be903724bae4bd7
- SSDEEP
  
  3072:/qdhtjVkooePHOHX9s/4R1ltAeSKt84r5AMUpbSPS:CgopPu3q/4FCur5AMC2P
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2
- Target
  
  5_WfHC.dll
- Size
  
  180KB
- MD5
  
  172e33cda92623f3f9b3213954f52e9e
- SHA1
  
  05f886e3a9d32eb725dc4f3128c62a0165bc0506
- SHA256
  
  0d9a0d05c7ba4ae81904e64f66235e032ded422aa95de11b8a9691123f911885
- SHA512
  
  6020c33d350c062440ceb9f58bfcece422d71f9f1e36dc155c05f20df752a2a7158d5e62d66eb0f857fb2fc968cd1ed25a3f91b7de0bb4615f15af3ba5c0668e
- SSDEEP
  
  3072:vqzhtjVkooePHOHX9s/4R1ltAeSKt84r5AMUpbSeS:yuopPu3q/4FCur5AMC2e
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral3 behavioral4
- Target
  
  9_shlwapi.dll
- Size
  
  180KB
- MD5
  
  4e883f7247e1ef95ab0cfc974a5d3b88
- SHA1
  
  99049f145d976731e946f70adc70cb243ca93fc9
- SHA256
  
  653aa17fbf6949e5bdba2599a9a3df4bb8ec259a5cf0eb7c3b08b6813c4283e7
- SHA512
  
  fe9adaa182a3823b79fabfda0f1530c8147b04af39fd0f9e4974033393b8689c506ce75d2fc3b6add28f09c78b9b0873cd0755ba353ffe38760eeadc4bb00660
- SSDEEP
  
  3072:vqNhtjVkooePHOHX9s/4R1ltAeSKt84r5AMUpbSpS:ywopPu3q/4FCur5AMC2p
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader

behavioral3

dridex22202botnetdiscoveryloader

behavioral4

dridex22202botnetdiscoveryloader

behavioral5

dridex22202botnetdiscoveryloader

behavioral6

dridex22202botnetdiscoveryloader