dridex | b82a58a8c73aec51c2242cedf7b3615102296adb55651ce94aa5e9c51d0a0ac9 | Triage

Sharing

General

Target

JaffaCakes118_b82a58a8c73aec51c2242cedf7b3615102296adb55651ce94aa5e9c51d0a0ac9
Size

161KB
Sample

241230-ge5qbaznck
MD5

62d777a3c7dac6bc0443d539bd6c2911
SHA1

6428a833499be7e511231f1e347f72c445e747d9
SHA256

b82a58a8c73aec51c2242cedf7b3615102296adb55651ce94aa5e9c51d0a0ac9
SHA512

90c7efdf881f7d65a28bc38324d92782290e0da78d6eade7bcc5787289a2e1eee87abeb70a3b9944206e03f436f472af4b6028b28b8d22ad79cdaf130134cb8e
SSDEEP

3072:Hk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:1G3rUvoU4JE/Wzan9T7B/CKsL/Yy

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_b82a58a8c73aec51c2242cedf7b3615102296adb55651ce94aa5e9c51d0a0ac9
- Size
  
  161KB
- MD5
  
  62d777a3c7dac6bc0443d539bd6c2911
- SHA1
  
  6428a833499be7e511231f1e347f72c445e747d9
- SHA256
  
  b82a58a8c73aec51c2242cedf7b3615102296adb55651ce94aa5e9c51d0a0ac9
- SHA512
  
  90c7efdf881f7d65a28bc38324d92782290e0da78d6eade7bcc5787289a2e1eee87abeb70a3b9944206e03f436f472af4b6028b28b8d22ad79cdaf130134cb8e
- SSDEEP
  
  3072:Hk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:1G3rUvoU4JE/Wzan9T7B/CKsL/Yy
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader