dridex | 3dbecf206bee7e2c132a096fe97424db65e4ed29032378f472aa4f31075d8995 | Triage

Sharing

General

Target

JaffaCakes118_3dbecf206bee7e2c132a096fe97424db65e4ed29032378f472aa4f31075d8995
Size

184KB
Sample

241230-xhz71awmhx
MD5

eac940820a49d8d151fa5ab2cd45a674
SHA1

06a2810f011a24585371163015f2242092eccd29
SHA256

3dbecf206bee7e2c132a096fe97424db65e4ed29032378f472aa4f31075d8995
SHA512

e87afcc3ceca0f6f47208b1490a9b7c2d739f659ae2b2f070e7cc53080ac6b06e786b62a10341b344ca599eb7c94e263babbc2faab359f0d64e1ef10acac0ae3
SSDEEP

3072:XgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg4dA4l:SPFkq6zOe5ilSanOvd

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.75.201.2:443

158.223.1.108:6225

165.22.28.242:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_3dbecf206bee7e2c132a096fe97424db65e4ed29032378f472aa4f31075d8995
- Size
  
  184KB
- MD5
  
  eac940820a49d8d151fa5ab2cd45a674
- SHA1
  
  06a2810f011a24585371163015f2242092eccd29
- SHA256
  
  3dbecf206bee7e2c132a096fe97424db65e4ed29032378f472aa4f31075d8995
- SHA512
  
  e87afcc3ceca0f6f47208b1490a9b7c2d739f659ae2b2f070e7cc53080ac6b06e786b62a10341b344ca599eb7c94e263babbc2faab359f0d64e1ef10acac0ae3
- SSDEEP
  
  3072:XgkQz1PuOprc+kq6VNOe3qbarVEpZlcbBacS9nOdg4dA4l:SPFkq6zOe5ilSanOvd
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader