dridex | e894e02b04ff0f4f885b7df1c9e64972e97bbdf404b1796c1cd3e17eeff9d54b | Triage

Sharing

General

Target

JaffaCakes118_e894e02b04ff0f4f885b7df1c9e64972e97bbdf404b1796c1cd3e17eeff9d54b
Size

163KB
Sample

241227-a1psnawphz
MD5

1d0f79760974a2db57de25d19ebd2860
SHA1

c94a52b8ec0ec824b2e6bdd5438ec0cf2059157f
SHA256

e894e02b04ff0f4f885b7df1c9e64972e97bbdf404b1796c1cd3e17eeff9d54b
SHA512

0ff5b3757c6fde66de305ace2b00ab04f3806b93e0c800a6c428982ab5a20d3160994721626e51d0d907fcf57ef17a2b35424958b14b42bbcbf5455a904116f0
SSDEEP

3072:Lar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:9s4p+ADxnSO6D2cOp

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_e894e02b04ff0f4f885b7df1c9e64972e97bbdf404b1796c1cd3e17eeff9d54b
- Size
  
  163KB
- MD5
  
  1d0f79760974a2db57de25d19ebd2860
- SHA1
  
  c94a52b8ec0ec824b2e6bdd5438ec0cf2059157f
- SHA256
  
  e894e02b04ff0f4f885b7df1c9e64972e97bbdf404b1796c1cd3e17eeff9d54b
- SHA512
  
  0ff5b3757c6fde66de305ace2b00ab04f3806b93e0c800a6c428982ab5a20d3160994721626e51d0d907fcf57ef17a2b35424958b14b42bbcbf5455a904116f0
- SSDEEP
  
  3072:Lar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:9s4p+ADxnSO6D2cOp
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader