dridex | 61d2b1221d11cf56e6007a4ca18a8190b9c08cce369c8110a207fea654d2fc9c | Triage

Sharing

General

Target

JaffaCakes118_61d2b1221d11cf56e6007a4ca18a8190b9c08cce369c8110a207fea654d2fc9c
Size

170KB
Sample

241230-e5rj9sykal
MD5

5abdd637ff637f09517c50e2975af3f0
SHA1

49afcb8fcb09db6450b75243caf0d5980166a289
SHA256

61d2b1221d11cf56e6007a4ca18a8190b9c08cce369c8110a207fea654d2fc9c
SHA512

35aa292714788361f5de908507d37145fa79c11236ab29069830b1177587a7ccfed3a050f06d39cd2c4f7fdecf70a4c7a5d57b5b80451ea9cb92bbf8f94c1282
SSDEEP

3072:rqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:lVqNd+CIQHXu9VFmu0qU2CJ5

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

128.199.200.38:443

192.163.233.216:6601

43.229.206.244:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_61d2b1221d11cf56e6007a4ca18a8190b9c08cce369c8110a207fea654d2fc9c
- Size
  
  170KB
- MD5
  
  5abdd637ff637f09517c50e2975af3f0
- SHA1
  
  49afcb8fcb09db6450b75243caf0d5980166a289
- SHA256
  
  61d2b1221d11cf56e6007a4ca18a8190b9c08cce369c8110a207fea654d2fc9c
- SHA512
  
  35aa292714788361f5de908507d37145fa79c11236ab29069830b1177587a7ccfed3a050f06d39cd2c4f7fdecf70a4c7a5d57b5b80451ea9cb92bbf8f94c1282
- SSDEEP
  
  3072:rqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:lVqNd+CIQHXu9VFmu0qU2CJ5
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader