dridex | f96300ef7e86d97471897f563f6b098121d73ad500bff4079868f7b268482def | Triage

Sharing

General

Target

JaffaCakes118_f96300ef7e86d97471897f563f6b098121d73ad500bff4079868f7b268482def
Size

162KB
Sample

241225-c62qhsvqcm
MD5

380850909c58a88a74f0d5f31052cdfe
SHA1

8897582cc8ec51ace217b48136d44637c581e010
SHA256

f96300ef7e86d97471897f563f6b098121d73ad500bff4079868f7b268482def
SHA512

4f44b60d9b4a473ba76a718aa492d6e22a9120636a4bb8dcb441998a07dd942fa54fc7381d5cd82c1a8a1a2a8bfba03ad16d7dbee875810be245d4f7ff9537b5
SSDEEP

3072:gesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLHB:q4+VZQpt5hyPsa1ekiEIB

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

203.114.109.124:443

82.165.145.100:6601

94.177.255.18:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f96300ef7e86d97471897f563f6b098121d73ad500bff4079868f7b268482def
- Size
  
  162KB
- MD5
  
  380850909c58a88a74f0d5f31052cdfe
- SHA1
  
  8897582cc8ec51ace217b48136d44637c581e010
- SHA256
  
  f96300ef7e86d97471897f563f6b098121d73ad500bff4079868f7b268482def
- SHA512
  
  4f44b60d9b4a473ba76a718aa492d6e22a9120636a4bb8dcb441998a07dd942fa54fc7381d5cd82c1a8a1a2a8bfba03ad16d7dbee875810be245d4f7ff9537b5
- SSDEEP
  
  3072:gesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLHB:q4+VZQpt5hyPsa1ekiEIB
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader