dridex | 26a792c0039c833f2d2cbd2c06bf2f0dee0c145b2df45981790e0d58c376d350 | Triage

Sharing

General

Target

JaffaCakes118_26a792c0039c833f2d2cbd2c06bf2f0dee0c145b2df45981790e0d58c376d350
Size

184KB
Sample

241230-c36kasvpbs
MD5

752f1dbc02acf0cb641bab23906ef443
SHA1

99e1ad71407c60b8cc7590c40f1bf4df6ece782a
SHA256

26a792c0039c833f2d2cbd2c06bf2f0dee0c145b2df45981790e0d58c376d350
SHA512

0c2280ed96e3fdd6eba4894b3fcc5476311effa66e2f49bdb75f86b93eff42f423df0565d4d72825d26df91e97fc78481b16968caaa9edb8d4421481567ace79
SSDEEP

3072:/iLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoBlzoxss7:/iLVCIT4WK2z1W+CUHZj4Skq/eaofoC

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_26a792c0039c833f2d2cbd2c06bf2f0dee0c145b2df45981790e0d58c376d350
- Size
  
  184KB
- MD5
  
  752f1dbc02acf0cb641bab23906ef443
- SHA1
  
  99e1ad71407c60b8cc7590c40f1bf4df6ece782a
- SHA256
  
  26a792c0039c833f2d2cbd2c06bf2f0dee0c145b2df45981790e0d58c376d350
- SHA512
  
  0c2280ed96e3fdd6eba4894b3fcc5476311effa66e2f49bdb75f86b93eff42f423df0565d4d72825d26df91e97fc78481b16968caaa9edb8d4421481567ace79
- SSDEEP
  
  3072:/iLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoBlzoxss7:/iLVCIT4WK2z1W+CUHZj4Skq/eaofoC
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader