dridex | 671a88d1979da9b5d4e5487dd09eba76576ea2020ad5764668f488db43734eda | Triage

Sharing

General

Target

JaffaCakes118_671a88d1979da9b5d4e5487dd09eba76576ea2020ad5764668f488db43734eda
Size

184KB
Sample

241228-3g3jmavqhq
MD5

9c8727d0072451caef2a84dcacf3c46f
SHA1

cee3a4d230b34b6f10c64932983184e76ec09446
SHA256

671a88d1979da9b5d4e5487dd09eba76576ea2020ad5764668f488db43734eda
SHA512

84a7a374fdbd7fc8fe74e912d55ebba1574881c7dad13bfd366d604234e521cdc88d49c060bce6707cc780e52b9238849e9ed92e77b808e212f23cd487383ee5
SSDEEP

3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoclzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eaoioC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_671a88d1979da9b5d4e5487dd09eba76576ea2020ad5764668f488db43734eda
- Size
  
  184KB
- MD5
  
  9c8727d0072451caef2a84dcacf3c46f
- SHA1
  
  cee3a4d230b34b6f10c64932983184e76ec09446
- SHA256
  
  671a88d1979da9b5d4e5487dd09eba76576ea2020ad5764668f488db43734eda
- SHA512
  
  84a7a374fdbd7fc8fe74e912d55ebba1574881c7dad13bfd366d604234e521cdc88d49c060bce6707cc780e52b9238849e9ed92e77b808e212f23cd487383ee5
- SSDEEP
  
  3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoclzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eaoioC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader