dridex | 12a1ffe62dca88042519de10bad40b2a6015c2e0cf7fb9931e3e615b46981508 | Triage

Sharing

General

Target

JaffaCakes118_12a1ffe62dca88042519de10bad40b2a6015c2e0cf7fb9931e3e615b46981508
Size

188KB
Sample

241230-2cpars1qel
MD5

937dff143273fb7d6f29cbfd77322782
SHA1

5b068f56ccf9ffb3ab220a914159d1e929e14c5b
SHA256

12a1ffe62dca88042519de10bad40b2a6015c2e0cf7fb9931e3e615b46981508
SHA512

b24be767a525a55939d1e109f3db61d367a9e9a71691403a06964bc7985326f074662a49ce15636865728e8b38932c56e2ee0f2fe188f7d601446d55bd8cd775
SSDEEP

3072:SteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:aq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_12a1ffe62dca88042519de10bad40b2a6015c2e0cf7fb9931e3e615b46981508
- Size
  
  188KB
- MD5
  
  937dff143273fb7d6f29cbfd77322782
- SHA1
  
  5b068f56ccf9ffb3ab220a914159d1e929e14c5b
- SHA256
  
  12a1ffe62dca88042519de10bad40b2a6015c2e0cf7fb9931e3e615b46981508
- SHA512
  
  b24be767a525a55939d1e109f3db61d367a9e9a71691403a06964bc7985326f074662a49ce15636865728e8b38932c56e2ee0f2fe188f7d601446d55bd8cd775
- SSDEEP
  
  3072:SteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:aq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader