dridex | 085b280b062007711ed4c89eaca248cb6f1b486508c4d29d3ca47e50c7671a11 | Triage

Sharing

General

Target

JaffaCakes118_085b280b062007711ed4c89eaca248cb6f1b486508c4d29d3ca47e50c7671a11
Size

188KB
Sample

241230-3hnrvswqhx
MD5

eef45f9b879d0b6187ea7b94ce8d12e0
SHA1

23a0b2b3780862962f9b6c4a0afd5560cfbf1cc3
SHA256

085b280b062007711ed4c89eaca248cb6f1b486508c4d29d3ca47e50c7671a11
SHA512

75e6249c16d643908efb3db8cb114d87f63c503c5c5aab582c8b863635609d6e25ad3394fe3602adb7315d3e54f591094a1febb4e5d6f1c88ee5a89ede2a834f
SSDEEP

3072:VteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzo9qM:xq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_085b280b062007711ed4c89eaca248cb6f1b486508c4d29d3ca47e50c7671a11
- Size
  
  188KB
- MD5
  
  eef45f9b879d0b6187ea7b94ce8d12e0
- SHA1
  
  23a0b2b3780862962f9b6c4a0afd5560cfbf1cc3
- SHA256
  
  085b280b062007711ed4c89eaca248cb6f1b486508c4d29d3ca47e50c7671a11
- SHA512
  
  75e6249c16d643908efb3db8cb114d87f63c503c5c5aab582c8b863635609d6e25ad3394fe3602adb7315d3e54f591094a1febb4e5d6f1c88ee5a89ede2a834f
- SSDEEP
  
  3072:VteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzo9qM:xq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader