dridex | f8da3ae228b02450cf742cb85859e97e4bf0cb3376f42c9e7f1cfb4ac7be1070 | Triage

Sharing

General

Target

JaffaCakes118_f8da3ae228b02450cf742cb85859e97e4bf0cb3376f42c9e7f1cfb4ac7be1070
Size

163KB
Sample

241229-qx8pcsspet
MD5

9a07092754fe39c4c6c63a579bae8bde
SHA1

d0e63772f8a0e63cd5253a8349802a149107699b
SHA256

f8da3ae228b02450cf742cb85859e97e4bf0cb3376f42c9e7f1cfb4ac7be1070
SHA512

f0e5969d27d926144bd97e756313f18371a084d7a49673dc134caf655a759d8bace76294dd7517b99bf24b42da96a7f74b51f368334ae9d49954a2f38bdd562f
SSDEEP

3072:lar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:Hs4p+ADxnSO6D2cOp

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f8da3ae228b02450cf742cb85859e97e4bf0cb3376f42c9e7f1cfb4ac7be1070
- Size
  
  163KB
- MD5
  
  9a07092754fe39c4c6c63a579bae8bde
- SHA1
  
  d0e63772f8a0e63cd5253a8349802a149107699b
- SHA256
  
  f8da3ae228b02450cf742cb85859e97e4bf0cb3376f42c9e7f1cfb4ac7be1070
- SHA512
  
  f0e5969d27d926144bd97e756313f18371a084d7a49673dc134caf655a759d8bace76294dd7517b99bf24b42da96a7f74b51f368334ae9d49954a2f38bdd562f
- SSDEEP
  
  3072:lar6Ys6p54kfdo+APr0aYSbeO6aal8jeytFQTOpp2J:Hs4p+ADxnSO6D2cOp
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader