dridex | 16183658891dbdcbc01683e5b7e7cb9887252e9709b1f651541fbe2a3d68269e | Triage

Sharing

General

Target

JaffaCakes118_16183658891dbdcbc01683e5b7e7cb9887252e9709b1f651541fbe2a3d68269e
Size

188KB
Sample

241230-y2n5hszlbw
MD5

0283f4679fdc72de2b86c7a84411f286
SHA1

3f04ed5bc5f6141403480ee94d16d6b816d4cffa
SHA256

16183658891dbdcbc01683e5b7e7cb9887252e9709b1f651541fbe2a3d68269e
SHA512

1da535bf2b5ce59b4effc1d60fe4e86299385c3f5b45cebd11a7490169bf66ffabec9d222567c56c540660342a85552534e9e775ccce63df26df91ec801ee34a
SSDEEP

3072:DteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:rq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_16183658891dbdcbc01683e5b7e7cb9887252e9709b1f651541fbe2a3d68269e
- Size
  
  188KB
- MD5
  
  0283f4679fdc72de2b86c7a84411f286
- SHA1
  
  3f04ed5bc5f6141403480ee94d16d6b816d4cffa
- SHA256
  
  16183658891dbdcbc01683e5b7e7cb9887252e9709b1f651541fbe2a3d68269e
- SHA512
  
  1da535bf2b5ce59b4effc1d60fe4e86299385c3f5b45cebd11a7490169bf66ffabec9d222567c56c540660342a85552534e9e775ccce63df26df91ec801ee34a
- SSDEEP
  
  3072:DteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:rq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader