dridex | 330b77e7a349a0b82d4c00402d3f05997a0e5f395206fb77dd4439c0c9a0b947 | Triage

Sharing

General

Target

JaffaCakes118_330b77e7a349a0b82d4c00402d3f05997a0e5f395206fb77dd4439c0c9a0b947
Size

163KB
Sample

241229-aekxkswlc1
MD5

a565b2b5c0ea7220c650b3ca4a1ea96e
SHA1

52508f0343f96d5e70de5cd1730496205b7a995a
SHA256

330b77e7a349a0b82d4c00402d3f05997a0e5f395206fb77dd4439c0c9a0b947
SHA512

bfac3884530d6c439e5507697be14fc750975e7891693c3a84966e3f7db2b0b38c7cdb13ce32e30f34004c403400474b23153f02b3d1becf5aadbf9980319e77
SSDEEP

3072:0ar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:Gs4p+ADxnSO6D2cOp

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_330b77e7a349a0b82d4c00402d3f05997a0e5f395206fb77dd4439c0c9a0b947
- Size
  
  163KB
- MD5
  
  a565b2b5c0ea7220c650b3ca4a1ea96e
- SHA1
  
  52508f0343f96d5e70de5cd1730496205b7a995a
- SHA256
  
  330b77e7a349a0b82d4c00402d3f05997a0e5f395206fb77dd4439c0c9a0b947
- SHA512
  
  bfac3884530d6c439e5507697be14fc750975e7891693c3a84966e3f7db2b0b38c7cdb13ce32e30f34004c403400474b23153f02b3d1becf5aadbf9980319e77
- SSDEEP
  
  3072:0ar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:Gs4p+ADxnSO6D2cOp
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader