dridex | eb173152d27784b7f9a42ecf7072589da21e9c4de62c4eeac4c558a67d8af607 | Triage

Sharing

General

Target

JaffaCakes118_eb173152d27784b7f9a42ecf7072589da21e9c4de62c4eeac4c558a67d8af607
Size

166KB
Sample

241225-rb3rnavke1
MD5

cc9a2e6d0556f9b0811076d9df0150d7
SHA1

53a7a343c3b34c5d1b2527da4810b00fafaf4330
SHA256

eb173152d27784b7f9a42ecf7072589da21e9c4de62c4eeac4c558a67d8af607
SHA512

1eace2dd93eb87cbff7ff9d33e30be45c21ee6ed421518fd320916d621100bb436dea6f62a7b29c4ea27f053ca8968898c3e562d257ab6103fece1582b05b0e4
SSDEEP

3072:duFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+Lc:d0czbty9uiaJl6c

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_eb173152d27784b7f9a42ecf7072589da21e9c4de62c4eeac4c558a67d8af607
- Size
  
  166KB
- MD5
  
  cc9a2e6d0556f9b0811076d9df0150d7
- SHA1
  
  53a7a343c3b34c5d1b2527da4810b00fafaf4330
- SHA256
  
  eb173152d27784b7f9a42ecf7072589da21e9c4de62c4eeac4c558a67d8af607
- SHA512
  
  1eace2dd93eb87cbff7ff9d33e30be45c21ee6ed421518fd320916d621100bb436dea6f62a7b29c4ea27f053ca8968898c3e562d257ab6103fece1582b05b0e4
- SSDEEP
  
  3072:duFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+Lc:d0czbty9uiaJl6c
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader