dridex | d4335a8401f73186b956495196d60de56083a6c633396358ab4f6ac61b61a520 | Triage

Sharing

General

Target

JaffaCakes118_493affe2d3fb24b9ef24a523292df0be
Size

180KB
Sample

250107-dahhfazrct
MD5

493affe2d3fb24b9ef24a523292df0be
SHA1

ccde112ce9717c826b578b41a8b1e62b8fa34f1f
SHA256

d4335a8401f73186b956495196d60de56083a6c633396358ab4f6ac61b61a520
SHA512

1359269056aa43b898bd73fe6519cef435314cc3e54b9ab2c098b49591243c6c2d16592e62c17152cb72ea3e142a5efcc29708abe8abd5d4171c53a7f5b47358
SSDEEP

3072:0zp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5Uea:0zp0bG6q7040aBfK0db5

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

212.237.17.99:443

176.28.17.160:6602

51.254.140.238:8333

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_493affe2d3fb24b9ef24a523292df0be
- Size
  
  180KB
- MD5
  
  493affe2d3fb24b9ef24a523292df0be
- SHA1
  
  ccde112ce9717c826b578b41a8b1e62b8fa34f1f
- SHA256
  
  d4335a8401f73186b956495196d60de56083a6c633396358ab4f6ac61b61a520
- SHA512
  
  1359269056aa43b898bd73fe6519cef435314cc3e54b9ab2c098b49591243c6c2d16592e62c17152cb72ea3e142a5efcc29708abe8abd5d4171c53a7f5b47358
- SSDEEP
  
  3072:0zp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5Uea:0zp0bG6q7040aBfK0db5
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader