dridex | ca641db68b688ff56d4e620a76a17b64b14cdaccea9f9e507062351292efe389 | Triage

Sharing

General

Target

JaffaCakes118_ca641db68b688ff56d4e620a76a17b64b14cdaccea9f9e507062351292efe389
Size

188KB
Sample

241230-25p3rstjbl
MD5

cf4e0eff5e4e50284852e03dad77e46c
SHA1

0f73e3b98f2eea2a4f562f823ee04297d51d5bb2
SHA256

ca641db68b688ff56d4e620a76a17b64b14cdaccea9f9e507062351292efe389
SHA512

3350a03fa7871aa8c75a55c3c70fcb398a792e2709738b09ac80e507cd80effd73f8dff5df5bb0f5d6863092b6c3324e6381c1b49bdede3ad57de4e1a2105ede
SSDEEP

3072:qteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz29qM:Cq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_ca641db68b688ff56d4e620a76a17b64b14cdaccea9f9e507062351292efe389
- Size
  
  188KB
- MD5
  
  cf4e0eff5e4e50284852e03dad77e46c
- SHA1
  
  0f73e3b98f2eea2a4f562f823ee04297d51d5bb2
- SHA256
  
  ca641db68b688ff56d4e620a76a17b64b14cdaccea9f9e507062351292efe389
- SHA512
  
  3350a03fa7871aa8c75a55c3c70fcb398a792e2709738b09ac80e507cd80effd73f8dff5df5bb0f5d6863092b6c3324e6381c1b49bdede3ad57de4e1a2105ede
- SSDEEP
  
  3072:qteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz29qM:Cq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader