dridex | 7c3852ac1642714626e223cff7aa340955dc2163e53be0f2a7c162a58cb83b61 | Triage

Sharing

General

Target

JaffaCakes118_7c3852ac1642714626e223cff7aa340955dc2163e53be0f2a7c162a58cb83b61
Size

188KB
Sample

241230-3xegqsxpbx
MD5

bc60524266e237b24f6decb96a08345c
SHA1

f032f0db00019210b3d69ffa67ef047d940eb0df
SHA256

7c3852ac1642714626e223cff7aa340955dc2163e53be0f2a7c162a58cb83b61
SHA512

52322dc7035f526fc0ce5998be88e630877b7d34e451f9af7e66c9e5c877d94c10920ddadda3086132f236d8d858bad002406abd59d837fbec05e28adee04e1c
SSDEEP

3072:+teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzL9qM:2q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_7c3852ac1642714626e223cff7aa340955dc2163e53be0f2a7c162a58cb83b61
- Size
  
  188KB
- MD5
  
  bc60524266e237b24f6decb96a08345c
- SHA1
  
  f032f0db00019210b3d69ffa67ef047d940eb0df
- SHA256
  
  7c3852ac1642714626e223cff7aa340955dc2163e53be0f2a7c162a58cb83b61
- SHA512
  
  52322dc7035f526fc0ce5998be88e630877b7d34e451f9af7e66c9e5c877d94c10920ddadda3086132f236d8d858bad002406abd59d837fbec05e28adee04e1c
- SSDEEP
  
  3072:+teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzL9qM:2q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader