dridex | cddb0b114229b017b14c274fa7790f5b75775c3c8cc137f5abfeb2582c8dbd2d | Triage

Sharing

General

Target

JaffaCakes118_cddb0b114229b017b14c274fa7790f5b75775c3c8cc137f5abfeb2582c8dbd2d
Size

188KB
Sample

241230-yczjysvqep
MD5

c008c3aebd6072635d6c5c23581d5ee9
SHA1

349f7bb26547d6186217e4aa2ca0794254b760d9
SHA256

cddb0b114229b017b14c274fa7790f5b75775c3c8cc137f5abfeb2582c8dbd2d
SHA512

6560cc68076d150c1c2d1b8b898dbfb7d4e50a0491d3d124effebfe151760787b1cbec29aa00fe2a9e566b204fa60b2537618ef499bd4dbeee1ce5617cc9d784
SSDEEP

3072:IteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzp9qM:sq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_cddb0b114229b017b14c274fa7790f5b75775c3c8cc137f5abfeb2582c8dbd2d
- Size
  
  188KB
- MD5
  
  c008c3aebd6072635d6c5c23581d5ee9
- SHA1
  
  349f7bb26547d6186217e4aa2ca0794254b760d9
- SHA256
  
  cddb0b114229b017b14c274fa7790f5b75775c3c8cc137f5abfeb2582c8dbd2d
- SHA512
  
  6560cc68076d150c1c2d1b8b898dbfb7d4e50a0491d3d124effebfe151760787b1cbec29aa00fe2a9e566b204fa60b2537618ef499bd4dbeee1ce5617cc9d784
- SSDEEP
  
  3072:IteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzp9qM:sq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader