dridex | 67343f2501f14b015009e367ee9b3bc6d1b02a23c76555d7a96b48333c7eb563 | Triage

Sharing

General

Target

JaffaCakes118_67343f2501f14b015009e367ee9b3bc6d1b02a23c76555d7a96b48333c7eb563
Size

188KB
Sample

241230-ys3xbayqes
MD5

e0d17db793968c80ddd30235782cb413
SHA1

0ffddfa798a0a66481e0da394acbc5bdf5f098b7
SHA256

67343f2501f14b015009e367ee9b3bc6d1b02a23c76555d7a96b48333c7eb563
SHA512

127ebdd20b26d5619abbafb13d1dbc9aab524c4fbd222d43bcf1d25685367a75dde2cb51d20938c349af03f190c1c1267b85b3d7ea8069aa3f755cb8dacbe9b4
SSDEEP

3072:cteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzv9qM:gq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_67343f2501f14b015009e367ee9b3bc6d1b02a23c76555d7a96b48333c7eb563
- Size
  
  188KB
- MD5
  
  e0d17db793968c80ddd30235782cb413
- SHA1
  
  0ffddfa798a0a66481e0da394acbc5bdf5f098b7
- SHA256
  
  67343f2501f14b015009e367ee9b3bc6d1b02a23c76555d7a96b48333c7eb563
- SHA512
  
  127ebdd20b26d5619abbafb13d1dbc9aab524c4fbd222d43bcf1d25685367a75dde2cb51d20938c349af03f190c1c1267b85b3d7ea8069aa3f755cb8dacbe9b4
- SSDEEP
  
  3072:cteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzv9qM:gq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader