dridex | 2d0f115fbd9133dec2459ab155525286a6418efea674e667337d97dfd296c433 | Triage

Sharing

General

Target

JaffaCakes118_2d0f115fbd9133dec2459ab155525286a6418efea674e667337d97dfd296c433
Size

184KB
Sample

241224-ydzw4svqhr
MD5

606dc0e4de467e318ed193c01423c070
SHA1

68294db16668efe40562a8460a86f9154dcdbfdf
SHA256

2d0f115fbd9133dec2459ab155525286a6418efea674e667337d97dfd296c433
SHA512

eb05dda375fc2bd68a93b35cea06d54d72ce83fd534248fe6c9ea105c01743914ed4523e88b7bcc61ffea10d03675dc8c45d347d0580b14dae3346dbc0bb25cc
SSDEEP

3072:CuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4Khlmsb:87TXYsd9SkONU1jKGlylm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_2d0f115fbd9133dec2459ab155525286a6418efea674e667337d97dfd296c433
- Size
  
  184KB
- MD5
  
  606dc0e4de467e318ed193c01423c070
- SHA1
  
  68294db16668efe40562a8460a86f9154dcdbfdf
- SHA256
  
  2d0f115fbd9133dec2459ab155525286a6418efea674e667337d97dfd296c433
- SHA512
  
  eb05dda375fc2bd68a93b35cea06d54d72ce83fd534248fe6c9ea105c01743914ed4523e88b7bcc61ffea10d03675dc8c45d347d0580b14dae3346dbc0bb25cc
- SSDEEP
  
  3072:CuwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4Khlmsb:87TXYsd9SkONU1jKGlylm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader