dridex | a1afb83254443c5bfdd984d5bbc1b900e2b713ba207ab132d05f6a451910d91f | Triage

Sharing

General

Target

JaffaCakes118_a1afb83254443c5bfdd984d5bbc1b900e2b713ba207ab132d05f6a451910d91f
Size

166KB
Sample

241225-ynd3dswjaj
MD5

44cc4173de29306a6e4fa53e4042798c
SHA1

a8d1fd49d84dd77bac0e90c863fba13aac13cc57
SHA256

a1afb83254443c5bfdd984d5bbc1b900e2b713ba207ab132d05f6a451910d91f
SHA512

0c9662ff956dd21ceefd9b4aeeed241076dc9a82ad71f568d7502c81cb940dc4eb1965e8b84a0e49a354dc613128a4681bde23adb64fc8997c3442181cf76ad9
SSDEEP

3072:4uFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+eE:40czbty9uiaJlHE

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a1afb83254443c5bfdd984d5bbc1b900e2b713ba207ab132d05f6a451910d91f
- Size
  
  166KB
- MD5
  
  44cc4173de29306a6e4fa53e4042798c
- SHA1
  
  a8d1fd49d84dd77bac0e90c863fba13aac13cc57
- SHA256
  
  a1afb83254443c5bfdd984d5bbc1b900e2b713ba207ab132d05f6a451910d91f
- SHA512
  
  0c9662ff956dd21ceefd9b4aeeed241076dc9a82ad71f568d7502c81cb940dc4eb1965e8b84a0e49a354dc613128a4681bde23adb64fc8997c3442181cf76ad9
- SSDEEP
  
  3072:4uFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+eE:40czbty9uiaJlHE
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader