dridex | 8033e4baf0b9e25bdc2d9587059cddbd995fe2c2ce7c961ccf0fdaa84d0424ed | Triage

Sharing

General

Target

JaffaCakes118_8033e4baf0b9e25bdc2d9587059cddbd995fe2c2ce7c961ccf0fdaa84d0424ed
Size

162KB
Sample

241230-ylvmcsymbx
MD5

1557ce8ee2bab7f7fe4e1d816815a003
SHA1

80945e0944f2c9d6e175af0b9fa11e28dff4703c
SHA256

8033e4baf0b9e25bdc2d9587059cddbd995fe2c2ce7c961ccf0fdaa84d0424ed
SHA512

5a7833865d04cfc083a9b96eedd84118f2445b78a81f5deb77dd940c3118bf8df43ab2550168416cf26f5ced3391ca77333aef918dbe8a304ff990e4064e43cf
SSDEEP

3072:oesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLiV:i4+VZQpt5hyPsa1ekiE9V

Score

10^/10

dridex 22202 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

203.114.109.124:443

82.165.145.100:6601

94.177.255.18:8172

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_8033e4baf0b9e25bdc2d9587059cddbd995fe2c2ce7c961ccf0fdaa84d0424ed
- Size
  
  162KB
- MD5
  
  1557ce8ee2bab7f7fe4e1d816815a003
- SHA1
  
  80945e0944f2c9d6e175af0b9fa11e28dff4703c
- SHA256
  
  8033e4baf0b9e25bdc2d9587059cddbd995fe2c2ce7c961ccf0fdaa84d0424ed
- SHA512
  
  5a7833865d04cfc083a9b96eedd84118f2445b78a81f5deb77dd940c3118bf8df43ab2550168416cf26f5ced3391ca77333aef918dbe8a304ff990e4064e43cf
- SSDEEP
  
  3072:oesl4+VdlY+01jb5SA5hg9PTEfPa1x+pq0KbuFicLiV:i4+VZQpt5hyPsa1ekiE9V
Score

10^/10

dridex 22202 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22202botnetdiscoveryloader

behavioral2

dridex22202botnetdiscoveryloader