dridex | dbb27116e35f0659411c289cdd28c6deaa65ecbbee95dec86abb8a96191f4f4a | Triage

Sharing

General

Target

JaffaCakes118_dbb27116e35f0659411c289cdd28c6deaa65ecbbee95dec86abb8a96191f4f4a
Size

188KB
Sample

241230-yzd7jazkas
MD5

4bda7452d17cdb0d8ff06ed0ee1e4ea9
SHA1

aee3f679a116de31019e78158d1a31930c2aa0a6
SHA256

dbb27116e35f0659411c289cdd28c6deaa65ecbbee95dec86abb8a96191f4f4a
SHA512

d1427b53c82d562c0c6d192583fc5d6fd7e45a58017fcd5f106d2bbcf81db71c846c6dbb8bed97de83ae28951b37f4f69ad29d2d0c3d35b5dae71c47e1269142
SSDEEP

3072:BteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz+9qM:Nq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_dbb27116e35f0659411c289cdd28c6deaa65ecbbee95dec86abb8a96191f4f4a
- Size
  
  188KB
- MD5
  
  4bda7452d17cdb0d8ff06ed0ee1e4ea9
- SHA1
  
  aee3f679a116de31019e78158d1a31930c2aa0a6
- SHA256
  
  dbb27116e35f0659411c289cdd28c6deaa65ecbbee95dec86abb8a96191f4f4a
- SHA512
  
  d1427b53c82d562c0c6d192583fc5d6fd7e45a58017fcd5f106d2bbcf81db71c846c6dbb8bed97de83ae28951b37f4f69ad29d2d0c3d35b5dae71c47e1269142
- SSDEEP
  
  3072:BteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz+9qM:Nq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader