dridex | a633d78b4187e59a50ae0d642c3c2f89aa349c628858712627534edc974f6e57 | Triage

Sharing

General

Target

JaffaCakes118_a633d78b4187e59a50ae0d642c3c2f89aa349c628858712627534edc974f6e57
Size

161KB
Sample

241230-ygnm9aykby
MD5

a09e6579646c41c5adf4f39e4a8d5efc
SHA1

ed46d4cc45595a793de3fe0daa1be1a55680761b
SHA256

a633d78b4187e59a50ae0d642c3c2f89aa349c628858712627534edc974f6e57
SHA512

946708d83ec7e57a90dd1d13173de8fe845a198c22d3ae613d1eea556834b4b4876cd6a719491b91de9428210a493369dc3af338be222772898feee2f779aa22
SSDEEP

3072:0k2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:qG3rUvoU4JE/Wzan9T7B/CKsL/Yy

Score

10^/10

dridex 40112 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_a633d78b4187e59a50ae0d642c3c2f89aa349c628858712627534edc974f6e57
- Size
  
  161KB
- MD5
  
  a09e6579646c41c5adf4f39e4a8d5efc
- SHA1
  
  ed46d4cc45595a793de3fe0daa1be1a55680761b
- SHA256
  
  a633d78b4187e59a50ae0d642c3c2f89aa349c628858712627534edc974f6e57
- SHA512
  
  946708d83ec7e57a90dd1d13173de8fe845a198c22d3ae613d1eea556834b4b4876cd6a719491b91de9428210a493369dc3af338be222772898feee2f779aa22
- SSDEEP
  
  3072:0k2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:qG3rUvoU4JE/Wzan9T7B/CKsL/Yy
Score

10^/10

dridex 40112 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex40112botnetdiscoveryloader

behavioral2

dridex40112botnetdiscoveryloader