dridex | 441033f5f3c78d805819549a50717240a044fd7dab97cf27dc2b1df8d66a2c54 | Triage

Sharing

General

Target

JaffaCakes118_441033f5f3c78d805819549a50717240a044fd7dab97cf27dc2b1df8d66a2c54
Size

161KB
Sample

241230-y2z7saxjcp
MD5

1d32bab173d9eb4b34e4e4ce6adfb005
SHA1

f62f31565ca20cbe7045b6cc60239edb66ccf3b9
SHA256

441033f5f3c78d805819549a50717240a044fd7dab97cf27dc2b1df8d66a2c54
SHA512

cc7445be31a2388a531bb3fa55c1f0fbf5fc0ab5ded3c30600e1a28f045608c975db06c99bd9e857fa070aecd2852048d5c21dfc7772435ac29f660ac1554a12
SSDEEP

3072:ak2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:8G3rUvoU4JE/Wzan9T7B/CKsL/Yy

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_441033f5f3c78d805819549a50717240a044fd7dab97cf27dc2b1df8d66a2c54
- Size
  
  161KB
- MD5
  
  1d32bab173d9eb4b34e4e4ce6adfb005
- SHA1
  
  f62f31565ca20cbe7045b6cc60239edb66ccf3b9
- SHA256
  
  441033f5f3c78d805819549a50717240a044fd7dab97cf27dc2b1df8d66a2c54
- SHA512
  
  cc7445be31a2388a531bb3fa55c1f0fbf5fc0ab5ded3c30600e1a28f045608c975db06c99bd9e857fa070aecd2852048d5c21dfc7772435ac29f660ac1554a12
- SSDEEP
  
  3072:ak2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:8G3rUvoU4JE/Wzan9T7B/CKsL/Yy
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader