dridex | ec88cdfefcd5ece63a5dbb082ab5bd8a8d5610c45b97312c8a1956e62ae58b3c | Triage

Sharing

General

Target

JaffaCakes118_ec88cdfefcd5ece63a5dbb082ab5bd8a8d5610c45b97312c8a1956e62ae58b3c
Size

162KB
Sample

241229-lne88sylfs
MD5

95533711647dfd9cfa36f5e5ef4b24d3
SHA1

7429ef5468f35720e6b879f20a80bd05c3ba01ec
SHA256

ec88cdfefcd5ece63a5dbb082ab5bd8a8d5610c45b97312c8a1956e62ae58b3c
SHA512

af9d0610f5a52c6ac3a065ac8b4a6384ac156a2a05f467c700e0e43ec0e14749421ea89dfb4b883fe91d7b605cb3f2c46ee60091edbd16d225cc65ac07650251
SSDEEP

3072:Desl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLJL:34+VZQpt5hyPsa1ekiEyL

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

203.114.109.124:443

82.165.145.100:6601

94.177.255.18:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_ec88cdfefcd5ece63a5dbb082ab5bd8a8d5610c45b97312c8a1956e62ae58b3c
- Size
  
  162KB
- MD5
  
  95533711647dfd9cfa36f5e5ef4b24d3
- SHA1
  
  7429ef5468f35720e6b879f20a80bd05c3ba01ec
- SHA256
  
  ec88cdfefcd5ece63a5dbb082ab5bd8a8d5610c45b97312c8a1956e62ae58b3c
- SHA512
  
  af9d0610f5a52c6ac3a065ac8b4a6384ac156a2a05f467c700e0e43ec0e14749421ea89dfb4b883fe91d7b605cb3f2c46ee60091edbd16d225cc65ac07650251
- SSDEEP
  
  3072:Desl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLJL:34+VZQpt5hyPsa1ekiEyL
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader