dridex | a2c8d5aed8bafb6fd5b4e24232ca69b26a829b1617f4763bd81e18d4de68e200 | Triage

Sharing

General

Target

JaffaCakes118_a2c8d5aed8bafb6fd5b4e24232ca69b26a829b1617f4763bd81e18d4de68e200
Size

188KB
Sample

241230-3epjzswpfx
MD5

868e3bb3e27ed5d79abbdb055b3bece8
SHA1

cd08bda780bb87ec796726f925c2d0c9b415e606
SHA256

a2c8d5aed8bafb6fd5b4e24232ca69b26a829b1617f4763bd81e18d4de68e200
SHA512

1999d024b434acb4e28d0ea50178e965441f5dd97e977b2f62c24f126c87a3ef2ec8c9ccc1c720face4ce7ed33db76c0b0e58277778b341200780759a1e5dd2d
SSDEEP

3072:TteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz89qM:bq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a2c8d5aed8bafb6fd5b4e24232ca69b26a829b1617f4763bd81e18d4de68e200
- Size
  
  188KB
- MD5
  
  868e3bb3e27ed5d79abbdb055b3bece8
- SHA1
  
  cd08bda780bb87ec796726f925c2d0c9b415e606
- SHA256
  
  a2c8d5aed8bafb6fd5b4e24232ca69b26a829b1617f4763bd81e18d4de68e200
- SHA512
  
  1999d024b434acb4e28d0ea50178e965441f5dd97e977b2f62c24f126c87a3ef2ec8c9ccc1c720face4ce7ed33db76c0b0e58277778b341200780759a1e5dd2d
- SSDEEP
  
  3072:TteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz89qM:bq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader