dridex | 5abce156f6d0fb063e44fce99c0c8dbd9b02f0ee1f2cf13457afdf32b1612c49 | Triage

Sharing

General

Target

JaffaCakes118_5abce156f6d0fb063e44fce99c0c8dbd9b02f0ee1f2cf13457afdf32b1612c49
Size

188KB
Sample

241230-fc4vkaylet
MD5

851ad0a8449ca3a3afb4f365364f76b4
SHA1

0d8ebb2967f6e3d03da54623ffa7bd971abd9ac7
SHA256

5abce156f6d0fb063e44fce99c0c8dbd9b02f0ee1f2cf13457afdf32b1612c49
SHA512

3a77486d335cdbcd8350ebb687e2a4e484e24e0bf4be5e6d3356088cfd6b42e675d12b503ad07d811b700b6284dfab8a97d4abc0828da351ef959508699792e0
SSDEEP

3072:eteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzh9qM:Wq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5abce156f6d0fb063e44fce99c0c8dbd9b02f0ee1f2cf13457afdf32b1612c49
- Size
  
  188KB
- MD5
  
  851ad0a8449ca3a3afb4f365364f76b4
- SHA1
  
  0d8ebb2967f6e3d03da54623ffa7bd971abd9ac7
- SHA256
  
  5abce156f6d0fb063e44fce99c0c8dbd9b02f0ee1f2cf13457afdf32b1612c49
- SHA512
  
  3a77486d335cdbcd8350ebb687e2a4e484e24e0bf4be5e6d3356088cfd6b42e675d12b503ad07d811b700b6284dfab8a97d4abc0828da351ef959508699792e0
- SSDEEP
  
  3072:eteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzh9qM:Wq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader