dridex | 692a6a76eaaa1529d1fd4a97f8eff17d4e8c70bff98544ee12fecac6395ba5b8 | Triage

Sharing

General

Target

JaffaCakes118_692a6a76eaaa1529d1fd4a97f8eff17d4e8c70bff98544ee12fecac6395ba5b8
Size

188KB
Sample

241230-3wj1tsvlgl
MD5

b64700512bc84b5626c25e73865af2d2
SHA1

5c14276c3b289442d93015a6ebddf8444e55df99
SHA256

692a6a76eaaa1529d1fd4a97f8eff17d4e8c70bff98544ee12fecac6395ba5b8
SHA512

38ed8d499b2011fb5f6bb465e6f534140b88b91f3ae6b373606c2618e8436c550ae3475fee8cefe72acd314aa88b3ba49a0e29d42789d394042847eb3b2e8d5e
SSDEEP

3072:uteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzA9qM:Gq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_692a6a76eaaa1529d1fd4a97f8eff17d4e8c70bff98544ee12fecac6395ba5b8
- Size
  
  188KB
- MD5
  
  b64700512bc84b5626c25e73865af2d2
- SHA1
  
  5c14276c3b289442d93015a6ebddf8444e55df99
- SHA256
  
  692a6a76eaaa1529d1fd4a97f8eff17d4e8c70bff98544ee12fecac6395ba5b8
- SHA512
  
  38ed8d499b2011fb5f6bb465e6f534140b88b91f3ae6b373606c2618e8436c550ae3475fee8cefe72acd314aa88b3ba49a0e29d42789d394042847eb3b2e8d5e
- SSDEEP
  
  3072:uteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzA9qM:Gq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader