dridex | f1db071c8afecb33ffa8ed37f750ed2df39a189ebccd37347ac660aa1a22ada0 | Triage

Sharing

General

Target

JaffaCakes118_f1db071c8afecb33ffa8ed37f750ed2df39a189ebccd37347ac660aa1a22ada0
Size

188KB
Sample

241230-2ajx9strgs
MD5

b5c857693473acc19ce093ce3d4d683d
SHA1

074a9c83398253a1193578dde44cc2a3b78691e5
SHA256

f1db071c8afecb33ffa8ed37f750ed2df39a189ebccd37347ac660aa1a22ada0
SHA512

9214f9312fb3204e98283ec8fc4974f15eceb5797b522f16297bb1fcf22b3efddf7f2c99e4911f33e9bf7c7c8106c03c147f49f595b7cc371f1590b277fd6861
SSDEEP

3072:XteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzj9qM:Pq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f1db071c8afecb33ffa8ed37f750ed2df39a189ebccd37347ac660aa1a22ada0
- Size
  
  188KB
- MD5
  
  b5c857693473acc19ce093ce3d4d683d
- SHA1
  
  074a9c83398253a1193578dde44cc2a3b78691e5
- SHA256
  
  f1db071c8afecb33ffa8ed37f750ed2df39a189ebccd37347ac660aa1a22ada0
- SHA512
  
  9214f9312fb3204e98283ec8fc4974f15eceb5797b522f16297bb1fcf22b3efddf7f2c99e4911f33e9bf7c7c8106c03c147f49f595b7cc371f1590b277fd6861
- SSDEEP
  
  3072:XteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzj9qM:Pq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader