dridex | 1438c16893baf236480f22d31f631182c0156570bd8dd7a45b890e74a3fd9437 | Triage

Sharing

General

Target

JaffaCakes118_1438c16893baf236480f22d31f631182c0156570bd8dd7a45b890e74a3fd9437
Size

184KB
Sample

241229-2dv5psypak
MD5

f5c011f8a105df52481533a047878b0b
SHA1

9ab5caf7a94bc774e3cd2bb1546c0dc0dd67d4cc
SHA256

1438c16893baf236480f22d31f631182c0156570bd8dd7a45b890e74a3fd9437
SHA512

671c99b5de6abd2a28e8b48710d38b4e0c9b83731d7d90e3394ff63f7311cf6cebaca6ca4c66ae52d6844c6c5f69fbc4e78806220f63ae6f5d7e267203c41549
SSDEEP

3072:NiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoSlzoxss7:NiLVCIT4WK2z1W+CUHZj4Skq/eaoYoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_1438c16893baf236480f22d31f631182c0156570bd8dd7a45b890e74a3fd9437
- Size
  
  184KB
- MD5
  
  f5c011f8a105df52481533a047878b0b
- SHA1
  
  9ab5caf7a94bc774e3cd2bb1546c0dc0dd67d4cc
- SHA256
  
  1438c16893baf236480f22d31f631182c0156570bd8dd7a45b890e74a3fd9437
- SHA512
  
  671c99b5de6abd2a28e8b48710d38b4e0c9b83731d7d90e3394ff63f7311cf6cebaca6ca4c66ae52d6844c6c5f69fbc4e78806220f63ae6f5d7e267203c41549
- SSDEEP
  
  3072:NiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoSlzoxss7:NiLVCIT4WK2z1W+CUHZj4Skq/eaoYoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader