dridex | 9ec3256ee8e11d288a4044a82d5383e9f69758ea1a54e96d8e3e47188edadec2 | Triage

Sharing

General

Target

JaffaCakes118_9ec3256ee8e11d288a4044a82d5383e9f69758ea1a54e96d8e3e47188edadec2
Size

166KB
Sample

241230-abyn9s1meq
MD5

523ae7e05ce3b024f577fffda72eb20a
SHA1

5ed2b7cf02e8d7f39be110a990d834b195c81383
SHA256

9ec3256ee8e11d288a4044a82d5383e9f69758ea1a54e96d8e3e47188edadec2
SHA512

8396e4fd08365e36b0a67ab18240142f7e7185fa0b00d94babcf2c6893554e1f678f5dc50f51b32acd62975e2dacfb2a84427c69ab771054c8ae0220ea92bd42
SSDEEP

3072:QuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+pk:Q0czbty9uiaJlEk

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_9ec3256ee8e11d288a4044a82d5383e9f69758ea1a54e96d8e3e47188edadec2
- Size
  
  166KB
- MD5
  
  523ae7e05ce3b024f577fffda72eb20a
- SHA1
  
  5ed2b7cf02e8d7f39be110a990d834b195c81383
- SHA256
  
  9ec3256ee8e11d288a4044a82d5383e9f69758ea1a54e96d8e3e47188edadec2
- SHA512
  
  8396e4fd08365e36b0a67ab18240142f7e7185fa0b00d94babcf2c6893554e1f678f5dc50f51b32acd62975e2dacfb2a84427c69ab771054c8ae0220ea92bd42
- SSDEEP
  
  3072:QuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+pk:Q0czbty9uiaJlEk
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader