dridex | 26fd0275e412e87f740cbc207498f7fcb6dee985930e18b6a7df0cf3817a6c26 | Triage

Sharing

General

Target

JaffaCakes118_26fd0275e412e87f740cbc207498f7fcb6dee985930e18b6a7df0cf3817a6c26
Size

188KB
Sample

241230-ypjn9syne1
MD5

954c89511aa1d74231079229e147832e
SHA1

5369e47772efefe46f3fd0c64f5e47d70a7c78ba
SHA256

26fd0275e412e87f740cbc207498f7fcb6dee985930e18b6a7df0cf3817a6c26
SHA512

7c983b031850ff886db04097f0398ae61e4346e981d7153dcd21dff5511fc8b722daa2c94fd39239d1037a9b740c1f8dbae45c9321ed2205a3aabb5b0e55f61e
SSDEEP

3072:iteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:Kq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_26fd0275e412e87f740cbc207498f7fcb6dee985930e18b6a7df0cf3817a6c26
- Size
  
  188KB
- MD5
  
  954c89511aa1d74231079229e147832e
- SHA1
  
  5369e47772efefe46f3fd0c64f5e47d70a7c78ba
- SHA256
  
  26fd0275e412e87f740cbc207498f7fcb6dee985930e18b6a7df0cf3817a6c26
- SHA512
  
  7c983b031850ff886db04097f0398ae61e4346e981d7153dcd21dff5511fc8b722daa2c94fd39239d1037a9b740c1f8dbae45c9321ed2205a3aabb5b0e55f61e
- SSDEEP
  
  3072:iteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzq9qM:Kq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader