dridex | e509a3d9b7552b0358a45d584b8e4e889e1d2b2a5db365055ada19a27a3ab6f8 | Triage

Sharing

General

Target

JaffaCakes118_e509a3d9b7552b0358a45d584b8e4e889e1d2b2a5db365055ada19a27a3ab6f8
Size

184KB
Sample

241229-f5fy7stndr
MD5

1af2c17ccdf1020c9e3647c0421e8334
SHA1

5984c6c5788d414f1ef36d2b1c9baa63f9e2d817
SHA256

e509a3d9b7552b0358a45d584b8e4e889e1d2b2a5db365055ada19a27a3ab6f8
SHA512

79be129065a4188ba7db3c746341d4c76ba71b1d523905dea9db599a7181afc2cf16303fd916ff4c95b3ead090bcd704301b6338e90512ec34f94bdc670a6947
SSDEEP

3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoSlzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eaoYoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_e509a3d9b7552b0358a45d584b8e4e889e1d2b2a5db365055ada19a27a3ab6f8
- Size
  
  184KB
- MD5
  
  1af2c17ccdf1020c9e3647c0421e8334
- SHA1
  
  5984c6c5788d414f1ef36d2b1c9baa63f9e2d817
- SHA256
  
  e509a3d9b7552b0358a45d584b8e4e889e1d2b2a5db365055ada19a27a3ab6f8
- SHA512
  
  79be129065a4188ba7db3c746341d4c76ba71b1d523905dea9db599a7181afc2cf16303fd916ff4c95b3ead090bcd704301b6338e90512ec34f94bdc670a6947
- SSDEEP
  
  3072:liLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoSlzoxss7:liLVCIT4WK2z1W+CUHZj4Skq/eaoYoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader