dridex | 69635bd1853251d2d7265861528573245f187739db7f1ce58cd39a8c3d6cdf56 | Triage

Sharing

General

Target

JaffaCakes118_69635bd1853251d2d7265861528573245f187739db7f1ce58cd39a8c3d6cdf56
Size

188KB
Sample

241230-3gl7mstncp
MD5

06a9720fe1b8a0df262e58f7fb76ebee
SHA1

ac67de54c59889185173ba010c4c479b509ba05a
SHA256

69635bd1853251d2d7265861528573245f187739db7f1ce58cd39a8c3d6cdf56
SHA512

c494f894c772b10e508795059ae5f01c900604e5c7720f1e64c07bc881ba0e1b43dd11ec9e0edef30885e9fb4fe6ca8913fbc4a012bb8816341a318fa44256f6
SSDEEP

3072:TteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzG9qM:bq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_69635bd1853251d2d7265861528573245f187739db7f1ce58cd39a8c3d6cdf56
- Size
  
  188KB
- MD5
  
  06a9720fe1b8a0df262e58f7fb76ebee
- SHA1
  
  ac67de54c59889185173ba010c4c479b509ba05a
- SHA256
  
  69635bd1853251d2d7265861528573245f187739db7f1ce58cd39a8c3d6cdf56
- SHA512
  
  c494f894c772b10e508795059ae5f01c900604e5c7720f1e64c07bc881ba0e1b43dd11ec9e0edef30885e9fb4fe6ca8913fbc4a012bb8816341a318fa44256f6
- SSDEEP
  
  3072:TteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzG9qM:bq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader