dridex | c1d2e3bc888627faa99686bdc35203ff2ddf8ab3bef61edaec23afc5f9142e44 | Triage

Sharing

General

Target

JaffaCakes118_c1d2e3bc888627faa99686bdc35203ff2ddf8ab3bef61edaec23afc5f9142e44
Size

184KB
Sample

241229-q48b6ssqhr
MD5

282ec25b54bdde615002d70ca0ef9f40
SHA1

9ab8b4495fe49d7eb2b5a6a205a4d7efb4aae503
SHA256

c1d2e3bc888627faa99686bdc35203ff2ddf8ab3bef61edaec23afc5f9142e44
SHA512

69dbf6596adf0e9744e1598376a6fb88aea8cba8fa63d862d72b3eb5276fa72e0eddc85ba4a3a368c6fa3c04419996917bd91697409ede32be117a016ca02dec
SSDEEP

3072:4uwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KBlmsb:27TXYsd9SkONU1jKGlulm

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_c1d2e3bc888627faa99686bdc35203ff2ddf8ab3bef61edaec23afc5f9142e44
- Size
  
  184KB
- MD5
  
  282ec25b54bdde615002d70ca0ef9f40
- SHA1
  
  9ab8b4495fe49d7eb2b5a6a205a4d7efb4aae503
- SHA256
  
  c1d2e3bc888627faa99686bdc35203ff2ddf8ab3bef61edaec23afc5f9142e44
- SHA512
  
  69dbf6596adf0e9744e1598376a6fb88aea8cba8fa63d862d72b3eb5276fa72e0eddc85ba4a3a368c6fa3c04419996917bd91697409ede32be117a016ca02dec
- SSDEEP
  
  3072:4uwfhNXphcqs2tJYsoa9Xibolk0CtPBU1jhhF8ZJ8fDo4KBlmsb:27TXYsd9SkONU1jKGlulm
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader