dridex | c34dd029c613fcfb24e23b58c2bd5eb15d345e61fc0958ec69aedf5b46e0d3fc | Triage

Sharing

General

Target

JaffaCakes118_c34dd029c613fcfb24e23b58c2bd5eb15d345e61fc0958ec69aedf5b46e0d3fc
Size

188KB
Sample

241230-fpsytsypcx
MD5

b4be0c1400cb4b066ed169dc39f464a0
SHA1

799bfd9df2312a5387e2b20929664b606969d4aa
SHA256

c34dd029c613fcfb24e23b58c2bd5eb15d345e61fc0958ec69aedf5b46e0d3fc
SHA512

2a420688b0b8fb305029a985706428ce3de5fd98e8c69c76e8b2641a1325af257f48a542d2ccf522f0dba7bbb564257a13597f80cc6eb3bf1a59ce77e71f224d
SSDEEP

3072:rteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzS9qM:jq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_c34dd029c613fcfb24e23b58c2bd5eb15d345e61fc0958ec69aedf5b46e0d3fc
- Size
  
  188KB
- MD5
  
  b4be0c1400cb4b066ed169dc39f464a0
- SHA1
  
  799bfd9df2312a5387e2b20929664b606969d4aa
- SHA256
  
  c34dd029c613fcfb24e23b58c2bd5eb15d345e61fc0958ec69aedf5b46e0d3fc
- SHA512
  
  2a420688b0b8fb305029a985706428ce3de5fd98e8c69c76e8b2641a1325af257f48a542d2ccf522f0dba7bbb564257a13597f80cc6eb3bf1a59ce77e71f224d
- SSDEEP
  
  3072:rteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzS9qM:jq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader