dridex | f069786c97651546a1cd1f0318bfd01c994ce1829fc78cab2063d2e4aece3ca6 | Triage

Sharing

General

Target

JaffaCakes118_f069786c97651546a1cd1f0318bfd01c994ce1829fc78cab2063d2e4aece3ca6
Size

188KB
Sample

241230-vx6bfs1khk
MD5

9b8e77416e130163917d8de7538e219c
SHA1

105e87983a188776ac0af7fff16172362da94b2f
SHA256

f069786c97651546a1cd1f0318bfd01c994ce1829fc78cab2063d2e4aece3ca6
SHA512

a6db48dfc0ec259c7c3544b97ac399076d9467457b8a9543c5cf9d0a2c4c471f66cbd612288b0d42f58bfcecc49944f8d4589c7caa7d51d2cccf7bf6662d6479
SSDEEP

3072:VteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzU9qM:xq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_f069786c97651546a1cd1f0318bfd01c994ce1829fc78cab2063d2e4aece3ca6
- Size
  
  188KB
- MD5
  
  9b8e77416e130163917d8de7538e219c
- SHA1
  
  105e87983a188776ac0af7fff16172362da94b2f
- SHA256
  
  f069786c97651546a1cd1f0318bfd01c994ce1829fc78cab2063d2e4aece3ca6
- SHA512
  
  a6db48dfc0ec259c7c3544b97ac399076d9467457b8a9543c5cf9d0a2c4c471f66cbd612288b0d42f58bfcecc49944f8d4589c7caa7d51d2cccf7bf6662d6479
- SSDEEP
  
  3072:VteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzU9qM:xq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader