dridex | 9e3f2375444fe07b9035777f669ac3234027226e666f5fe494beff10430dc4e5 | Triage

Sharing

General

Target

JaffaCakes118_9e3f2375444fe07b9035777f669ac3234027226e666f5fe494beff10430dc4e5
Size

188KB
Sample

241230-d4mdgswrgt
MD5

d7c4d78250c90c1ab31d7ee1f8405c83
SHA1

4f7f48e8e1d7147a0b32e0b54e05ad5b0cfb19b8
SHA256

9e3f2375444fe07b9035777f669ac3234027226e666f5fe494beff10430dc4e5
SHA512

5eedb3dbc99a5c3d6623ecd548a77762b87a46ea8a8e575daea864869da38b0a7790aa494bf8117520dce40d5e5a750e727c0ec3c070711b24b280d6e717c6f5
SSDEEP

3072:IteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzr9qM:sq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_9e3f2375444fe07b9035777f669ac3234027226e666f5fe494beff10430dc4e5
- Size
  
  188KB
- MD5
  
  d7c4d78250c90c1ab31d7ee1f8405c83
- SHA1
  
  4f7f48e8e1d7147a0b32e0b54e05ad5b0cfb19b8
- SHA256
  
  9e3f2375444fe07b9035777f669ac3234027226e666f5fe494beff10430dc4e5
- SHA512
  
  5eedb3dbc99a5c3d6623ecd548a77762b87a46ea8a8e575daea864869da38b0a7790aa494bf8117520dce40d5e5a750e727c0ec3c070711b24b280d6e717c6f5
- SSDEEP
  
  3072:IteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzr9qM:sq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader