dridex | 76df21ea886f756ef147ac6e0f4392dcb13dbb7ab1cc56b0b9d9cc9fb7cfdf01 | Triage

Sharing

General

Target

JaffaCakes118_76df21ea886f756ef147ac6e0f4392dcb13dbb7ab1cc56b0b9d9cc9fb7cfdf01
Size

170KB
Sample

241230-xv8d5strgp
MD5

9c1c38987a1c25b3a355c2545703ced5
SHA1

9abef370dd2d657d726c4ac9068efcd732a2736e
SHA256

76df21ea886f756ef147ac6e0f4392dcb13dbb7ab1cc56b0b9d9cc9fb7cfdf01
SHA512

e51ba0db38313a9809dffc5fcec3649062de00e4f577616292d2134838b7619615e693b61ceed687a0f80e3e3caf9945124ca37a02a36eb33086912295e35f7c
SSDEEP

3072:UV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:UV/jTe38LiI4Oi75izyn+4lm

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_76df21ea886f756ef147ac6e0f4392dcb13dbb7ab1cc56b0b9d9cc9fb7cfdf01
- Size
  
  170KB
- MD5
  
  9c1c38987a1c25b3a355c2545703ced5
- SHA1
  
  9abef370dd2d657d726c4ac9068efcd732a2736e
- SHA256
  
  76df21ea886f756ef147ac6e0f4392dcb13dbb7ab1cc56b0b9d9cc9fb7cfdf01
- SHA512
  
  e51ba0db38313a9809dffc5fcec3649062de00e4f577616292d2134838b7619615e693b61ceed687a0f80e3e3caf9945124ca37a02a36eb33086912295e35f7c
- SSDEEP
  
  3072:UV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:UV/jTe38LiI4Oi75izyn+4lm
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader