dridex | 8df84c0eb41f2a22c2d5058285f31e5b30ffbebb39e11ed77217577401ad441f | Triage

Sharing

General

Target

JaffaCakes118_8df84c0eb41f2a22c2d5058285f31e5b30ffbebb39e11ed77217577401ad441f
Size

188KB
Sample

241230-18jjqa1nhj
MD5

8d412804d97bf997fefee8cbf78e6b2c
SHA1

bf4f9dac774f7a0493a88d9d9061c24c00df6afc
SHA256

8df84c0eb41f2a22c2d5058285f31e5b30ffbebb39e11ed77217577401ad441f
SHA512

f289a2047a4835de36c7e254add13b147191f5dd09f7de855dc1699f87eda4f3f63e4598fca433afc2a5bbc38b9e4dca1dcc06a28a316949fef464d043ed7000
SSDEEP

3072:AteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzZ9qM:Uq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_8df84c0eb41f2a22c2d5058285f31e5b30ffbebb39e11ed77217577401ad441f
- Size
  
  188KB
- MD5
  
  8d412804d97bf997fefee8cbf78e6b2c
- SHA1
  
  bf4f9dac774f7a0493a88d9d9061c24c00df6afc
- SHA256
  
  8df84c0eb41f2a22c2d5058285f31e5b30ffbebb39e11ed77217577401ad441f
- SHA512
  
  f289a2047a4835de36c7e254add13b147191f5dd09f7de855dc1699f87eda4f3f63e4598fca433afc2a5bbc38b9e4dca1dcc06a28a316949fef464d043ed7000
- SSDEEP
  
  3072:AteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzZ9qM:Uq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader