dridex | 6f20a50ee3aa080827ffd9af985b0d2215883d6fb51e2206330519ff5f178d27 | Triage

Sharing

General

Target

JaffaCakes118_6f20a50ee3aa080827ffd9af985b0d2215883d6fb51e2206330519ff5f178d27
Size

177KB
Sample

241230-ebf7faxkhs
MD5

4e0cf281f701f91b64ca1bcf8c91f3ee
SHA1

3e303e4eefd38789737b15b39dc3c84e4f2157fd
SHA256

6f20a50ee3aa080827ffd9af985b0d2215883d6fb51e2206330519ff5f178d27
SHA512

c5bc62376b61be7ee21635203c875730c757b2ca7cfd8a9f13630fa36fdf59c2bb8b0f288862f82e1d784ffe3d40c810c193d8bf7f135b6dfb2a0325635ed740
SSDEEP

3072:vuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:rzWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_6f20a50ee3aa080827ffd9af985b0d2215883d6fb51e2206330519ff5f178d27
- Size
  
  177KB
- MD5
  
  4e0cf281f701f91b64ca1bcf8c91f3ee
- SHA1
  
  3e303e4eefd38789737b15b39dc3c84e4f2157fd
- SHA256
  
  6f20a50ee3aa080827ffd9af985b0d2215883d6fb51e2206330519ff5f178d27
- SHA512
  
  c5bc62376b61be7ee21635203c875730c757b2ca7cfd8a9f13630fa36fdf59c2bb8b0f288862f82e1d784ffe3d40c810c193d8bf7f135b6dfb2a0325635ed740
- SSDEEP
  
  3072:vuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:rzWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader