dridex | 07b0aa7445d1cf9296865a276cfd9c7b8c0185411e4e8fc10cec31479a194bd4 | Triage

Sharing

General

Target

JaffaCakes118_07b0aa7445d1cf9296865a276cfd9c7b8c0185411e4e8fc10cec31479a194bd4
Size

166KB
Sample

241229-a823ysxmem
MD5

848c61b4b95b10b18ef9c8d3a3b08cbc
SHA1

cd999cffaaa8f0341b372d585253290f16c7a820
SHA256

07b0aa7445d1cf9296865a276cfd9c7b8c0185411e4e8fc10cec31479a194bd4
SHA512

f4b42a6b794fecaba8e18d5d66a41105f0a896400e27c2eeb225279dafe80775ca17bf2c9a58731e2aea4dfb85b799145ab3064c4db9d6f2489fe48da7f2ff6f
SSDEEP

3072:JuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+qa:J0czbty9uiaJlva

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_07b0aa7445d1cf9296865a276cfd9c7b8c0185411e4e8fc10cec31479a194bd4
- Size
  
  166KB
- MD5
  
  848c61b4b95b10b18ef9c8d3a3b08cbc
- SHA1
  
  cd999cffaaa8f0341b372d585253290f16c7a820
- SHA256
  
  07b0aa7445d1cf9296865a276cfd9c7b8c0185411e4e8fc10cec31479a194bd4
- SHA512
  
  f4b42a6b794fecaba8e18d5d66a41105f0a896400e27c2eeb225279dafe80775ca17bf2c9a58731e2aea4dfb85b799145ab3064c4db9d6f2489fe48da7f2ff6f
- SSDEEP
  
  3072:JuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+qa:J0czbty9uiaJlva
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader