dridex | 5cc980291c284db3ce1084a44de920a2a1a01d0496c666a4e842ed190f9be670 | Triage

Sharing

General

Target

JaffaCakes118_5cc980291c284db3ce1084a44de920a2a1a01d0496c666a4e842ed190f9be670
Size

184KB
Sample

241230-2rx68avpdw
MD5

caf76e6fda55ca9d6ea7aa37e3e74c79
SHA1

9713b19ff919d43d917e6c9b2c180387cb33c831
SHA256

5cc980291c284db3ce1084a44de920a2a1a01d0496c666a4e842ed190f9be670
SHA512

0cb89924ed0dabfc293d5f4a8492e113fbb6f96ec7c1ff07ad3daad88b7b1b451eb31d3608ebfe79c3937c99da52d3016e33e5af6bf79baa3b2d74696adef1dc
SSDEEP

3072:YgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdgNdA4l:9PFkq6zOe5ilSanOqd

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5cc980291c284db3ce1084a44de920a2a1a01d0496c666a4e842ed190f9be670
- Size
  
  184KB
- MD5
  
  caf76e6fda55ca9d6ea7aa37e3e74c79
- SHA1
  
  9713b19ff919d43d917e6c9b2c180387cb33c831
- SHA256
  
  5cc980291c284db3ce1084a44de920a2a1a01d0496c666a4e842ed190f9be670
- SHA512
  
  0cb89924ed0dabfc293d5f4a8492e113fbb6f96ec7c1ff07ad3daad88b7b1b451eb31d3608ebfe79c3937c99da52d3016e33e5af6bf79baa3b2d74696adef1dc
- SSDEEP
  
  3072:YgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdgNdA4l:9PFkq6zOe5ilSanOqd
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader