dridex | 3b4235e31377a8be589f91b9ad521f6a3a4ed28a94146eb6c2b658615e63ab27 | Triage

Sharing

General

Target

JaffaCakes118_3b4235e31377a8be589f91b9ad521f6a3a4ed28a94146eb6c2b658615e63ab27
Size

177KB
Sample

241230-znwg4s1lcv
MD5

6d221a51a97d24b090c6c5ae5fe22188
SHA1

4a84eda5551fea116677675d57763b28e3a5e87d
SHA256

3b4235e31377a8be589f91b9ad521f6a3a4ed28a94146eb6c2b658615e63ab27
SHA512

ee2e1084ecde6b3970a93690c103660ec420ac31a0385a659787806550c7293be54a817ceab5e7cd82bb2b9f8b8e2987fdfc52906ffcfce99225080a37acd749
SSDEEP

3072:QuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:8zWxkOP4p2EesvcDi6DOHPJ

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_3b4235e31377a8be589f91b9ad521f6a3a4ed28a94146eb6c2b658615e63ab27
- Size
  
  177KB
- MD5
  
  6d221a51a97d24b090c6c5ae5fe22188
- SHA1
  
  4a84eda5551fea116677675d57763b28e3a5e87d
- SHA256
  
  3b4235e31377a8be589f91b9ad521f6a3a4ed28a94146eb6c2b658615e63ab27
- SHA512
  
  ee2e1084ecde6b3970a93690c103660ec420ac31a0385a659787806550c7293be54a817ceab5e7cd82bb2b9f8b8e2987fdfc52906ffcfce99225080a37acd749
- SSDEEP
  
  3072:QuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:8zWxkOP4p2EesvcDi6DOHPJ
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader