dridex | 212262761db58b177db829bb64b35acde073b12d0d98e02d15a5ba0ae5090dd1 | Triage

Sharing

General

Target

JaffaCakes118_212262761db58b177db829bb64b35acde073b12d0d98e02d15a5ba0ae5090dd1
Size

170KB
Sample

241230-w7xyhasrdn
MD5

f013b32fbf0312542af77b8edf0381e2
SHA1

dd0c9b1b8fc4765ae5ecb8fa4300a0e5f4fa0a82
SHA256

212262761db58b177db829bb64b35acde073b12d0d98e02d15a5ba0ae5090dd1
SHA512

b5676f8427b603c6ec76535312fb7be6a3956c4eef3bc3e81fa1b6c220fa505377ccced9c68c4e0974de2832453e0b54c80375a7b51169693124620e1982b656
SSDEEP

3072:zqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:9VqNd+CIQHXu9VFmu0qU2CJ5

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

128.199.200.38:443

192.163.233.216:6601

43.229.206.244:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_212262761db58b177db829bb64b35acde073b12d0d98e02d15a5ba0ae5090dd1
- Size
  
  170KB
- MD5
  
  f013b32fbf0312542af77b8edf0381e2
- SHA1
  
  dd0c9b1b8fc4765ae5ecb8fa4300a0e5f4fa0a82
- SHA256
  
  212262761db58b177db829bb64b35acde073b12d0d98e02d15a5ba0ae5090dd1
- SHA512
  
  b5676f8427b603c6ec76535312fb7be6a3956c4eef3bc3e81fa1b6c220fa505377ccced9c68c4e0974de2832453e0b54c80375a7b51169693124620e1982b656
- SSDEEP
  
  3072:zqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:9VqNd+CIQHXu9VFmu0qU2CJ5
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader