dridex | 6e57667837030907237ee2e5f14caeae4720c970daf6d4a7e476c178df5d95bd | Triage

Sharing

General

Target

JaffaCakes118_6e57667837030907237ee2e5f14caeae4720c970daf6d4a7e476c178df5d95bd
Size

177KB
Sample

241230-3xz4faxpdv
MD5

3a4a27b775d7489c4da3505a0c08824b
SHA1

1058fe53624aabb27bf862907ccf16184142ef9b
SHA256

6e57667837030907237ee2e5f14caeae4720c970daf6d4a7e476c178df5d95bd
SHA512

92cd8d8fed8baa77e456dc09783d0dbde62c1afca977554ce437895e4ed432ee533e700499535120e7f70fc226ff0571ad18f42b56b396ff119b218d2f429c18
SSDEEP

3072:huCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:NzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_6e57667837030907237ee2e5f14caeae4720c970daf6d4a7e476c178df5d95bd
- Size
  
  177KB
- MD5
  
  3a4a27b775d7489c4da3505a0c08824b
- SHA1
  
  1058fe53624aabb27bf862907ccf16184142ef9b
- SHA256
  
  6e57667837030907237ee2e5f14caeae4720c970daf6d4a7e476c178df5d95bd
- SHA512
  
  92cd8d8fed8baa77e456dc09783d0dbde62c1afca977554ce437895e4ed432ee533e700499535120e7f70fc226ff0571ad18f42b56b396ff119b218d2f429c18
- SSDEEP
  
  3072:huCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:NzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader