dridex | fd9419f6a92db8fba148fd7ecb8a6c30f30aefa7ce2259b0e6c8d200f60d409d | Triage

Sharing

General

Target

JaffaCakes118_fd9419f6a92db8fba148fd7ecb8a6c30f30aefa7ce2259b0e6c8d200f60d409d
Size

184KB
Sample

241229-2q8lkayrdy
MD5

0b3fdbac0457fb976e3fa5d8f40ee4af
SHA1

c0e7fd7ac183a5b027ad3f19b0fab5022605bf4e
SHA256

fd9419f6a92db8fba148fd7ecb8a6c30f30aefa7ce2259b0e6c8d200f60d409d
SHA512

06ebafec241d692011733f70b0577aa57e9f352b1cce48b64f703617d2d4f90428aca5c07b67658401e1246d4b8c8d3f5d6d4d2c305b496642a13ad3edb967cc
SSDEEP

3072:hiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaonlzoxss7:hiLVCIT4WK2z1W+CUHZj4Skq/eaoVoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_fd9419f6a92db8fba148fd7ecb8a6c30f30aefa7ce2259b0e6c8d200f60d409d
- Size
  
  184KB
- MD5
  
  0b3fdbac0457fb976e3fa5d8f40ee4af
- SHA1
  
  c0e7fd7ac183a5b027ad3f19b0fab5022605bf4e
- SHA256
  
  fd9419f6a92db8fba148fd7ecb8a6c30f30aefa7ce2259b0e6c8d200f60d409d
- SHA512
  
  06ebafec241d692011733f70b0577aa57e9f352b1cce48b64f703617d2d4f90428aca5c07b67658401e1246d4b8c8d3f5d6d4d2c305b496642a13ad3edb967cc
- SSDEEP
  
  3072:hiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaonlzoxss7:hiLVCIT4WK2z1W+CUHZj4Skq/eaoVoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader