dridex | a7fcebce15f5af48b91348085b6dd4885fff1538d289bbe7e3f5eaa61753e5f6 | Triage

Sharing

General

Target

JaffaCakes118_a7fcebce15f5af48b91348085b6dd4885fff1538d289bbe7e3f5eaa61753e5f6
Size

161KB
Sample

241230-we9rlatrft
MD5

dd6848a46ceedf0f505482ba1ae5c083
SHA1

63b3c2a59501e4bec42e22024db81f6dce27656e
SHA256

a7fcebce15f5af48b91348085b6dd4885fff1538d289bbe7e3f5eaa61753e5f6
SHA512

9b261d778284ed89856991cb38f353c98da674433bc894ef351346aa36f641b6ed1a7d717d9af85898af670ce9a2a48653038996e13e608d3802c85442a0ffd0
SSDEEP

3072:lk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:HG3rUvoU4JE/Wzan9T7B/CKsL/Yy

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a7fcebce15f5af48b91348085b6dd4885fff1538d289bbe7e3f5eaa61753e5f6
- Size
  
  161KB
- MD5
  
  dd6848a46ceedf0f505482ba1ae5c083
- SHA1
  
  63b3c2a59501e4bec42e22024db81f6dce27656e
- SHA256
  
  a7fcebce15f5af48b91348085b6dd4885fff1538d289bbe7e3f5eaa61753e5f6
- SHA512
  
  9b261d778284ed89856991cb38f353c98da674433bc894ef351346aa36f641b6ed1a7d717d9af85898af670ce9a2a48653038996e13e608d3802c85442a0ffd0
- SSDEEP
  
  3072:lk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:HG3rUvoU4JE/Wzan9T7B/CKsL/Yy
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader