dridex | 66f1c0c36cc173cf77ce28c9e651db4063f89d95d66e5a75b17af77d4ed519ea | Triage

Sharing

General

Target

JaffaCakes118_66f1c0c36cc173cf77ce28c9e651db4063f89d95d66e5a75b17af77d4ed519ea
Size

184KB
Sample

241226-tj5x4azmas
MD5

b5cbe524ee4e3b76cbc995e7beb08ed6
SHA1

7de9a1b4ad913f70283a81d5b6779f77d7e80a12
SHA256

66f1c0c36cc173cf77ce28c9e651db4063f89d95d66e5a75b17af77d4ed519ea
SHA512

3b83827ae96ec8908610d1076a304d8a0e1290c939ace4de0414034b9cd7b5e7c74858a86ebf84cc2a03fe590fb15ee7acb8dd7f183688db0e0dc632688729c8
SSDEEP

3072:buwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KOlmsb:Z7TXYsd9SkONU1jKGltlm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_66f1c0c36cc173cf77ce28c9e651db4063f89d95d66e5a75b17af77d4ed519ea
- Size
  
  184KB
- MD5
  
  b5cbe524ee4e3b76cbc995e7beb08ed6
- SHA1
  
  7de9a1b4ad913f70283a81d5b6779f77d7e80a12
- SHA256
  
  66f1c0c36cc173cf77ce28c9e651db4063f89d95d66e5a75b17af77d4ed519ea
- SHA512
  
  3b83827ae96ec8908610d1076a304d8a0e1290c939ace4de0414034b9cd7b5e7c74858a86ebf84cc2a03fe590fb15ee7acb8dd7f183688db0e0dc632688729c8
- SSDEEP
  
  3072:buwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KOlmsb:Z7TXYsd9SkONU1jKGltlm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader