dridex | 018af5b9c617cdac7b5b5bb9d00b14e9d171edb4b525d08d3eeeacd29c5fe0ea | Triage

Sharing

General

Target

JaffaCakes118_018af5b9c617cdac7b5b5bb9d00b14e9d171edb4b525d08d3eeeacd29c5fe0ea
Size

161KB
Sample

241226-tq5wnszraj
MD5

35279f9f96144c94f90ee8aeec444461
SHA1

78be676d21ee502cac45212104af9a0cac70e2aa
SHA256

018af5b9c617cdac7b5b5bb9d00b14e9d171edb4b525d08d3eeeacd29c5fe0ea
SHA512

bb85abb29f8ca64fa1f79e1908a78af560062b060c54a5488c9cab98754ee3d1c67bf5f0596622e17626eace45cf14a31445b5d95fa615c258ec41d20021adb4
SSDEEP

3072:+d4Dcp/qdOUKcT1GpvO0nygcp0DvA/fxHbeXaUDwOvHvWM:3DBdOlG0nyg1DvwxgZ/v

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

45.55.134.126:443

67.207.83.96:8172

193.160.214.95:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_018af5b9c617cdac7b5b5bb9d00b14e9d171edb4b525d08d3eeeacd29c5fe0ea
- Size
  
  161KB
- MD5
  
  35279f9f96144c94f90ee8aeec444461
- SHA1
  
  78be676d21ee502cac45212104af9a0cac70e2aa
- SHA256
  
  018af5b9c617cdac7b5b5bb9d00b14e9d171edb4b525d08d3eeeacd29c5fe0ea
- SHA512
  
  bb85abb29f8ca64fa1f79e1908a78af560062b060c54a5488c9cab98754ee3d1c67bf5f0596622e17626eace45cf14a31445b5d95fa615c258ec41d20021adb4
- SSDEEP
  
  3072:+d4Dcp/qdOUKcT1GpvO0nygcp0DvA/fxHbeXaUDwOvHvWM:3DBdOlG0nyg1DvwxgZ/v
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader