dridex | 5e988adbb45ee9fb09456a9b5dd7e85204388e8e29d427e48fc7ef8bc10479fc | Triage

Sharing

General

Target

JaffaCakes118_5e988adbb45ee9fb09456a9b5dd7e85204388e8e29d427e48fc7ef8bc10479fc
Size

188KB
Sample

241230-zzskla1qcs
MD5

b983eb5fdcd11f261a93d78463634636
SHA1

5cdaab51c5fabff14e2daa487ceaf13f47e99bcd
SHA256

5e988adbb45ee9fb09456a9b5dd7e85204388e8e29d427e48fc7ef8bc10479fc
SHA512

81ed8d42dbfa40042b557b3ced507f08fce2c6f59d5160a95c047cdac60830166d22041aff1723128010dcc9e6dfbeb543c73e2afc5a883126c8ccd540bc940b
SSDEEP

3072:QteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzI9qM:Eq7fYIHBZkTB6DWruUCOwjt

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_5e988adbb45ee9fb09456a9b5dd7e85204388e8e29d427e48fc7ef8bc10479fc
- Size
  
  188KB
- MD5
  
  b983eb5fdcd11f261a93d78463634636
- SHA1
  
  5cdaab51c5fabff14e2daa487ceaf13f47e99bcd
- SHA256
  
  5e988adbb45ee9fb09456a9b5dd7e85204388e8e29d427e48fc7ef8bc10479fc
- SHA512
  
  81ed8d42dbfa40042b557b3ced507f08fce2c6f59d5160a95c047cdac60830166d22041aff1723128010dcc9e6dfbeb543c73e2afc5a883126c8ccd540bc940b
- SSDEEP
  
  3072:QteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzI9qM:Eq7fYIHBZkTB6DWruUCOwjt
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader