dridex | 5cccb84de2fb944d42e4ede395de17f887ef3a0a166a5ee4c7a12ab9896b5b99 | Triage

Sharing

General

Target

JaffaCakes118_5cccb84de2fb944d42e4ede395de17f887ef3a0a166a5ee4c7a12ab9896b5b99
Size

163KB
Sample

241226-tcm4pszjez
MD5

eae7bfdbbf69880357157591689f9bd1
SHA1

ef0ecce7cd70023738cd330985afcf47672c2cf7
SHA256

5cccb84de2fb944d42e4ede395de17f887ef3a0a166a5ee4c7a12ab9896b5b99
SHA512

5a50e890b6ae77964513b6d3ed6188137eb31a4c85e313353f2ca688f56fd090d09af299007f29632032df2701f61c17d0252bb4e9315927952771c6d8fd0348
SSDEEP

3072:nar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:Rs4p+ADxnSO6D2cOp

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5cccb84de2fb944d42e4ede395de17f887ef3a0a166a5ee4c7a12ab9896b5b99
- Size
  
  163KB
- MD5
  
  eae7bfdbbf69880357157591689f9bd1
- SHA1
  
  ef0ecce7cd70023738cd330985afcf47672c2cf7
- SHA256
  
  5cccb84de2fb944d42e4ede395de17f887ef3a0a166a5ee4c7a12ab9896b5b99
- SHA512
  
  5a50e890b6ae77964513b6d3ed6188137eb31a4c85e313353f2ca688f56fd090d09af299007f29632032df2701f61c17d0252bb4e9315927952771c6d8fd0348
- SSDEEP
  
  3072:nar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:Rs4p+ADxnSO6D2cOp
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader