dridex | 5bd10a3d6a1b9299f155e26c71cd15d270770a3f9f3bbccdbfb6904761735c96 | Triage

Sharing

General

Target

JaffaCakes118_5bd10a3d6a1b9299f155e26c71cd15d270770a3f9f3bbccdbfb6904761735c96
Size

188KB
Sample

241230-xwhj4sxjfs
MD5

892f07a459dfc32ec620bb28ed641d4e
SHA1

a79b3ec0d5d83baaed2de854ad9693243065abd8
SHA256

5bd10a3d6a1b9299f155e26c71cd15d270770a3f9f3bbccdbfb6904761735c96
SHA512

9f23df92575e4eb8232e5af9ac2d01356e379782fef53199c8af2dd2c767d26a8eecfee851d33e930cadb1953fad6cdb0819e380a664e2045b43b51d48145116
SSDEEP

3072:EteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzH9qM:4q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5bd10a3d6a1b9299f155e26c71cd15d270770a3f9f3bbccdbfb6904761735c96
- Size
  
  188KB
- MD5
  
  892f07a459dfc32ec620bb28ed641d4e
- SHA1
  
  a79b3ec0d5d83baaed2de854ad9693243065abd8
- SHA256
  
  5bd10a3d6a1b9299f155e26c71cd15d270770a3f9f3bbccdbfb6904761735c96
- SHA512
  
  9f23df92575e4eb8232e5af9ac2d01356e379782fef53199c8af2dd2c767d26a8eecfee851d33e930cadb1953fad6cdb0819e380a664e2045b43b51d48145116
- SSDEEP
  
  3072:EteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzH9qM:4q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader