dridex | 80802b4b5fc5806eea9e670083887b5a5839a85a0a3bc1aaf4f7528712dd6609 | Triage

Sharing

General

Target

JaffaCakes118_80802b4b5fc5806eea9e670083887b5a5839a85a0a3bc1aaf4f7528712dd6609
Size

162KB
Sample

241225-zs6tmsxqbn
MD5

ef8785568917920064a5d1c715a6431a
SHA1

31935ccdf656feeed199d749978b0f18d200e135
SHA256

80802b4b5fc5806eea9e670083887b5a5839a85a0a3bc1aaf4f7528712dd6609
SHA512

072ee305cadd8a3e123d230ffcee632a4bffecf93a4244ec879708ebf2f457d25f2eddd10ceb904374706e25ccad6317e76e371e6595dc1f15b36ce84920828d
SSDEEP

3072:kesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLG5:e4+VZQpt5hyPsa1ekiEF5

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

203.114.109.124:443

82.165.145.100:6601

94.177.255.18:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_80802b4b5fc5806eea9e670083887b5a5839a85a0a3bc1aaf4f7528712dd6609
- Size
  
  162KB
- MD5
  
  ef8785568917920064a5d1c715a6431a
- SHA1
  
  31935ccdf656feeed199d749978b0f18d200e135
- SHA256
  
  80802b4b5fc5806eea9e670083887b5a5839a85a0a3bc1aaf4f7528712dd6609
- SHA512
  
  072ee305cadd8a3e123d230ffcee632a4bffecf93a4244ec879708ebf2f457d25f2eddd10ceb904374706e25ccad6317e76e371e6595dc1f15b36ce84920828d
- SSDEEP
  
  3072:kesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLG5:e4+VZQpt5hyPsa1ekiEF5
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader