dridex | 8044bebb2342e79e88f4aed18384cc70b3f6436caaf655c31be346980f737dbc | Triage

Sharing

General

Target

JaffaCakes118_8044bebb2342e79e88f4aed18384cc70b3f6436caaf655c31be346980f737dbc
Size

188KB
Sample

241230-fe2g8aymax
MD5

d16e19412c866344ef7624f3c5e4b0ec
SHA1

388a27846510bb2609d0a2a52e5bbb35ddde9854
SHA256

8044bebb2342e79e88f4aed18384cc70b3f6436caaf655c31be346980f737dbc
SHA512

d0cf0c61a40b5aeddd1b81c1b85cc06f894ef2e2512d09b347e8eb3dcda46891d7d0ddf0f188ec6e5ef93c5d3acc8e18895aee7675ab84fe6f6347af32110051
SSDEEP

3072:hteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzS9qM:tq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_8044bebb2342e79e88f4aed18384cc70b3f6436caaf655c31be346980f737dbc
- Size
  
  188KB
- MD5
  
  d16e19412c866344ef7624f3c5e4b0ec
- SHA1
  
  388a27846510bb2609d0a2a52e5bbb35ddde9854
- SHA256
  
  8044bebb2342e79e88f4aed18384cc70b3f6436caaf655c31be346980f737dbc
- SHA512
  
  d0cf0c61a40b5aeddd1b81c1b85cc06f894ef2e2512d09b347e8eb3dcda46891d7d0ddf0f188ec6e5ef93c5d3acc8e18895aee7675ab84fe6f6347af32110051
- SSDEEP
  
  3072:hteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzS9qM:tq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader