dridex | 7dd82bf9befefa62caf37e34025d435aaa0cf5959fe6907ae71142bf4b5d386c | Triage

Sharing

General

Target

JaffaCakes118_7dd82bf9befefa62caf37e34025d435aaa0cf5959fe6907ae71142bf4b5d386c
Size

188KB
Sample

241230-gwvaxazrbl
MD5

065a0238f0058119fba9f0f9c41a11e4
SHA1

b37e8a065a0d58b0d48375f4908b64996d84747a
SHA256

7dd82bf9befefa62caf37e34025d435aaa0cf5959fe6907ae71142bf4b5d386c
SHA512

b00c07693200bdb9efadc68b70763be0ca1354c540afae49c2866ee76b35b4f2318cb4f5ca6f15dc6377779819d0a2da6f0e37cb13d058b0b20bea64be65ed66
SSDEEP

3072:PteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:Xq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_7dd82bf9befefa62caf37e34025d435aaa0cf5959fe6907ae71142bf4b5d386c
- Size
  
  188KB
- MD5
  
  065a0238f0058119fba9f0f9c41a11e4
- SHA1
  
  b37e8a065a0d58b0d48375f4908b64996d84747a
- SHA256
  
  7dd82bf9befefa62caf37e34025d435aaa0cf5959fe6907ae71142bf4b5d386c
- SHA512
  
  b00c07693200bdb9efadc68b70763be0ca1354c540afae49c2866ee76b35b4f2318cb4f5ca6f15dc6377779819d0a2da6f0e37cb13d058b0b20bea64be65ed66
- SSDEEP
  
  3072:PteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz/9qM:Xq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader