dridex | fa45dbde26ce01aeada51a07b66c7ae15ec683aa1138a49c31407efa5411080f | Triage

Sharing

General

Target

JaffaCakes118_fa45dbde26ce01aeada51a07b66c7ae15ec683aa1138a49c31407efa5411080f
Size

188KB
Sample

241230-3my4dstqgn
MD5

ed325e25b7f2217428763b1f5bd58402
SHA1

42b2b557ba5232170fbd345c009ea701ced50d94
SHA256

fa45dbde26ce01aeada51a07b66c7ae15ec683aa1138a49c31407efa5411080f
SHA512

60f8dc6e93ff17f5153bc1ed0ce3ae78251f7c6e10b6bd26f420680e875693099e0835da0521ffcafe70c2f8b2dad1e9d758b3f6153411cacb27a17ddf94a7f4
SSDEEP

3072:3teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzr9qM:vq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_fa45dbde26ce01aeada51a07b66c7ae15ec683aa1138a49c31407efa5411080f
- Size
  
  188KB
- MD5
  
  ed325e25b7f2217428763b1f5bd58402
- SHA1
  
  42b2b557ba5232170fbd345c009ea701ced50d94
- SHA256
  
  fa45dbde26ce01aeada51a07b66c7ae15ec683aa1138a49c31407efa5411080f
- SHA512
  
  60f8dc6e93ff17f5153bc1ed0ce3ae78251f7c6e10b6bd26f420680e875693099e0835da0521ffcafe70c2f8b2dad1e9d758b3f6153411cacb27a17ddf94a7f4
- SSDEEP
  
  3072:3teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzr9qM:vq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader