dridex | eea8515a729717bea0a995407687a829e0bd3daa3115032946b76e7071db7580 | Triage

Sharing

General

Target

JaffaCakes118_c3c91aab11ef219ec03c45850a793306
Size

180KB
Sample

250109-kpa58sxmak
MD5

c3c91aab11ef219ec03c45850a793306
SHA1

6b86858e92932f11debd8b0e969ac31e140f5abb
SHA256

eea8515a729717bea0a995407687a829e0bd3daa3115032946b76e7071db7580
SHA512

8da9972693467d4d180a489fdf0a014d161b70e630845816fd4a4c5e435b59657dd5966c4e7428b5796d38a54234d1900b037074985ac69878bb0a2c65ca4e2c
SSDEEP

3072:Enp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5Fea:Enp0bG6q7040aBfK0db5

Score

10^/10

dridex 22201 botnet discovery loader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

212.237.17.99:443

176.28.17.160:6602

51.254.140.238:8333

rc4.plain

rc4.plain

Targets

- Target
  
  JaffaCakes118_c3c91aab11ef219ec03c45850a793306
- Size
  
  180KB
- MD5
  
  c3c91aab11ef219ec03c45850a793306
- SHA1
  
  6b86858e92932f11debd8b0e969ac31e140f5abb
- SHA256
  
  eea8515a729717bea0a995407687a829e0bd3daa3115032946b76e7071db7580
- SHA512
  
  8da9972693467d4d180a489fdf0a014d161b70e630845816fd4a4c5e435b59657dd5966c4e7428b5796d38a54234d1900b037074985ac69878bb0a2c65ca4e2c
- SSDEEP
  
  3072:Enp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5Fea:Enp0bG6q7040aBfK0db5
Score

10^/10

dridex 22201 botnet discovery loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex22201botnetdiscoveryloader

behavioral2

dridex22201botnetdiscoveryloader