dridex | 16ce99b42412d992b6e5dd2e30595f62da0e7e9aa8c3afaaae5d33ba1fbc2baa | Triage

Sharing

General

Target

JaffaCakes118_16ce99b42412d992b6e5dd2e30595f62da0e7e9aa8c3afaaae5d33ba1fbc2baa
Size

170KB
Sample

241230-gb1beszmfm
MD5

56ea6a05a60a434b149ed57b533801aa
SHA1

d079280debba4c80b052bc23bf1f5d30a16b738b
SHA256

16ce99b42412d992b6e5dd2e30595f62da0e7e9aa8c3afaaae5d33ba1fbc2baa
SHA512

65eafef9a4a50480daa38571f952ff5f8a113c4a0c379c0012b1f08c396b6c3c3e90f0ca7942c139c9e3ec0948d5a9e497b7eeab1b919a17febed2f1bba20e89
SSDEEP

3072:NV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:NV/jTe38LiI4Oi75izyn+4lm

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_16ce99b42412d992b6e5dd2e30595f62da0e7e9aa8c3afaaae5d33ba1fbc2baa
- Size
  
  170KB
- MD5
  
  56ea6a05a60a434b149ed57b533801aa
- SHA1
  
  d079280debba4c80b052bc23bf1f5d30a16b738b
- SHA256
  
  16ce99b42412d992b6e5dd2e30595f62da0e7e9aa8c3afaaae5d33ba1fbc2baa
- SHA512
  
  65eafef9a4a50480daa38571f952ff5f8a113c4a0c379c0012b1f08c396b6c3c3e90f0ca7942c139c9e3ec0948d5a9e497b7eeab1b919a17febed2f1bba20e89
- SSDEEP
  
  3072:NV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:NV/jTe38LiI4Oi75izyn+4lm
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader