dridex | a1bbdb5cb1ab6540bc956d9c69acb80f6259a3151f9458217d80d2ae997ee45e | Triage

Sharing

General

Target

JaffaCakes118_a1bbdb5cb1ab6540bc956d9c69acb80f6259a3151f9458217d80d2ae997ee45e
Size

188KB
Sample

241230-gb7eqszmfr
MD5

1f1eb8d46628dbc0a6f4c2b5d00c8b6f
SHA1

7d1834e6ac3763fa7fda63891b474fe42c1707a2
SHA256

a1bbdb5cb1ab6540bc956d9c69acb80f6259a3151f9458217d80d2ae997ee45e
SHA512

f193b152144c787c9cab32a49d741246c05fec97d59e723261c385847f03c9ab25ee985280d20c42939506e479fcea1a20962bf8aee04cf398a97b61e8794678
SSDEEP

3072:+teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzg9qM:2q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a1bbdb5cb1ab6540bc956d9c69acb80f6259a3151f9458217d80d2ae997ee45e
- Size
  
  188KB
- MD5
  
  1f1eb8d46628dbc0a6f4c2b5d00c8b6f
- SHA1
  
  7d1834e6ac3763fa7fda63891b474fe42c1707a2
- SHA256
  
  a1bbdb5cb1ab6540bc956d9c69acb80f6259a3151f9458217d80d2ae997ee45e
- SHA512
  
  f193b152144c787c9cab32a49d741246c05fec97d59e723261c385847f03c9ab25ee985280d20c42939506e479fcea1a20962bf8aee04cf398a97b61e8794678
- SSDEEP
  
  3072:+teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzg9qM:2q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader