dridex | fe1992f9268eda9307ffb7bb25930679aaf2df6b6c1863524a5ad43ac212770e | Triage

Sharing

General

Target

JaffaCakes118_fe1992f9268eda9307ffb7bb25930679aaf2df6b6c1863524a5ad43ac212770e
Size

163KB
Sample

241230-xn2ysawpg1
MD5

6c63eaa3216a2b80f2d133040b8bdf0d
SHA1

ede4cd903d1762ad23f53281597d8c3c17441dc4
SHA256

fe1992f9268eda9307ffb7bb25930679aaf2df6b6c1863524a5ad43ac212770e
SHA512

4b1cf63e6a7ba3f1e06cf50d2f5b3797a1c5d40e6257dfbadd5647821f87e1674ca67f02ad8bf47bdb58d52d0427bbe42e91d0e3d599a6f05bfb1b03089c354b
SSDEEP

3072:P9F/oNrQb4xVubbXP/NTccbsFvCeLmXH57V30e8Pj:P9F6rQXvFczvYpQP

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

43.229.206.212:443

82.209.17.209:8172

162.241.209.225:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_fe1992f9268eda9307ffb7bb25930679aaf2df6b6c1863524a5ad43ac212770e
- Size
  
  163KB
- MD5
  
  6c63eaa3216a2b80f2d133040b8bdf0d
- SHA1
  
  ede4cd903d1762ad23f53281597d8c3c17441dc4
- SHA256
  
  fe1992f9268eda9307ffb7bb25930679aaf2df6b6c1863524a5ad43ac212770e
- SHA512
  
  4b1cf63e6a7ba3f1e06cf50d2f5b3797a1c5d40e6257dfbadd5647821f87e1674ca67f02ad8bf47bdb58d52d0427bbe42e91d0e3d599a6f05bfb1b03089c354b
- SSDEEP
  
  3072:P9F/oNrQb4xVubbXP/NTccbsFvCeLmXH57V30e8Pj:P9F6rQXvFczvYpQP
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader