dridex | 945c3432030cf1bcfcc0f1b542111b09e099e8d9070bc9ce0074d195a8489896 | Triage

Sharing

General

Target

JaffaCakes118_945c3432030cf1bcfcc0f1b542111b09e099e8d9070bc9ce0074d195a8489896
Size

170KB
Sample

241230-3hgnjswqg1
MD5

48b6e7af0bc8b49273d34be4cfa96140
SHA1

37d20a5fcb492b985b443a5e61fee9c1011f16fa
SHA256

945c3432030cf1bcfcc0f1b542111b09e099e8d9070bc9ce0074d195a8489896
SHA512

543faa7e404e161b5ec4f83c3a402b6465debb8f9b9a224f45319a67c411757278dc2cc472dbfec20e5afe571094c7dc4a1bef87be624bbb737ae772dd818cc9
SSDEEP

3072:gqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:uVqNd+CIQHXu9VFmu0qU2CJ5

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

128.199.200.38:443

192.163.233.216:6601

43.229.206.244:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_945c3432030cf1bcfcc0f1b542111b09e099e8d9070bc9ce0074d195a8489896
- Size
  
  170KB
- MD5
  
  48b6e7af0bc8b49273d34be4cfa96140
- SHA1
  
  37d20a5fcb492b985b443a5e61fee9c1011f16fa
- SHA256
  
  945c3432030cf1bcfcc0f1b542111b09e099e8d9070bc9ce0074d195a8489896
- SHA512
  
  543faa7e404e161b5ec4f83c3a402b6465debb8f9b9a224f45319a67c411757278dc2cc472dbfec20e5afe571094c7dc4a1bef87be624bbb737ae772dd818cc9
- SSDEEP
  
  3072:gqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:uVqNd+CIQHXu9VFmu0qU2CJ5
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader