dridex | da3ef9840e790fdaa3a31b492e302d8ee435e9da360c52d4ec2a7edd34265f6a | Triage

Sharing

General

Target

JaffaCakes118_da3ef9840e790fdaa3a31b492e302d8ee435e9da360c52d4ec2a7edd34265f6a
Size

188KB
Sample

241230-z3gx9s1rfx
MD5

49badf2b645486695fe19946d8e82480
SHA1

b197d3ce013c11ffcee5f76227c6781ca9b0cf40
SHA256

da3ef9840e790fdaa3a31b492e302d8ee435e9da360c52d4ec2a7edd34265f6a
SHA512

153098018815505aa2e42952d50160d98ce5c62f0bc6f393313eb6d8f97c4c6b6f8dbf9af209f529de6fd27eba084472a3fca1eb13f0a93d0ba93a753bc24900
SSDEEP

3072:gteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz09qM:0q7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_da3ef9840e790fdaa3a31b492e302d8ee435e9da360c52d4ec2a7edd34265f6a
- Size
  
  188KB
- MD5
  
  49badf2b645486695fe19946d8e82480
- SHA1
  
  b197d3ce013c11ffcee5f76227c6781ca9b0cf40
- SHA256
  
  da3ef9840e790fdaa3a31b492e302d8ee435e9da360c52d4ec2a7edd34265f6a
- SHA512
  
  153098018815505aa2e42952d50160d98ce5c62f0bc6f393313eb6d8f97c4c6b6f8dbf9af209f529de6fd27eba084472a3fca1eb13f0a93d0ba93a753bc24900
- SSDEEP
  
  3072:gteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIz09qM:0q7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader