dridex | 4ced132082622b6cf75f54bf597332a0a62f9439c4ced1738e4bb9bcac117cdd | Triage

Sharing

General

Target

JaffaCakes118_4ced132082622b6cf75f54bf597332a0a62f9439c4ced1738e4bb9bcac117cdd
Size

161KB
Sample

241230-ehlqhaxmhp
MD5

2fd0606c09b7ac4f5ed36fc3de5193f2
SHA1

e2358349acd46f3639c562186f15e10814aa8ad3
SHA256

4ced132082622b6cf75f54bf597332a0a62f9439c4ced1738e4bb9bcac117cdd
SHA512

8365fbc535aac0303abf947e5b202d3de96d4354486c7fa93ab5f61679d913e7a0c62bf044d9cbdb53cf6b52ab6fbce3e7413bc2105eb6eef5f482096abdcea4
SSDEEP

3072:v72X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/hp8AF:eG3rUvoU4JE/Wzan9T7B/CKsL/hy

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_4ced132082622b6cf75f54bf597332a0a62f9439c4ced1738e4bb9bcac117cdd
- Size
  
  161KB
- MD5
  
  2fd0606c09b7ac4f5ed36fc3de5193f2
- SHA1
  
  e2358349acd46f3639c562186f15e10814aa8ad3
- SHA256
  
  4ced132082622b6cf75f54bf597332a0a62f9439c4ced1738e4bb9bcac117cdd
- SHA512
  
  8365fbc535aac0303abf947e5b202d3de96d4354486c7fa93ab5f61679d913e7a0c62bf044d9cbdb53cf6b52ab6fbce3e7413bc2105eb6eef5f482096abdcea4
- SSDEEP
  
  3072:v72X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/hp8AF:eG3rUvoU4JE/Wzan9T7B/CKsL/hy
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader