dridex | b92652b080599d4b2b526b7cb50185dcebd5e924dfe2d32b04e4061b55df3650 | Triage

Sharing

General

Target

JaffaCakes118_b92652b080599d4b2b526b7cb50185dcebd5e924dfe2d32b04e4061b55df3650
Size

188KB
Sample

241230-1qj3jazqck
MD5

8752487f781da57ab49a676b9c339233
SHA1

de425dbe274b28d0f2a3285070f29d80b5604ad3
SHA256

b92652b080599d4b2b526b7cb50185dcebd5e924dfe2d32b04e4061b55df3650
SHA512

ae38378ce6ae6f97be8d1d141528826c9c3f7513c254f1815beb51d5bfe8b1d6946b282c2620954266423744f854a66d59d3c37dbb4913d484f056e44cf8b224
SSDEEP

3072:jteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzQ9qM:Lq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_b92652b080599d4b2b526b7cb50185dcebd5e924dfe2d32b04e4061b55df3650
- Size
  
  188KB
- MD5
  
  8752487f781da57ab49a676b9c339233
- SHA1
  
  de425dbe274b28d0f2a3285070f29d80b5604ad3
- SHA256
  
  b92652b080599d4b2b526b7cb50185dcebd5e924dfe2d32b04e4061b55df3650
- SHA512
  
  ae38378ce6ae6f97be8d1d141528826c9c3f7513c254f1815beb51d5bfe8b1d6946b282c2620954266423744f854a66d59d3c37dbb4913d484f056e44cf8b224
- SSDEEP
  
  3072:jteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzQ9qM:Lq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader