dridex | cf06da5168e14118d6ecdc23b00c397da94f3742ce20fd72e47cb7ba9197d8fe | Triage

Sharing

General

Target

cf06da5168e14118d6ecdc23b00c397da94f3742ce20fd72e47cb7ba9197d8feN.exe
Size

676KB
Sample

250121-jchtwasrby
MD5

5b3deb3070cd9f7e3d0d92b3809ad6e0
SHA1

c7e463361fc778e01c41905fb5a7559661d26bcf
SHA256

cf06da5168e14118d6ecdc23b00c397da94f3742ce20fd72e47cb7ba9197d8fe
SHA512

544140537645a304614a9d0c5db17a5040b64dd10df72f81d47279bec23f9bb2a68936c4a20b66bfd13a6622352b71b9357a259c611fc0b6122d424d69f169fb
SSDEEP

12288:YHcRey4pHcRey4pHcRey4+Z2E6lbYvjha5snTOuCX:YCqCqCLZf6lK2GTOnX

Score

10^/10

dridex 10111 botnet discovery

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

185.89.158.19:443

144.217.7.207:4443

59.10.131.141:34443

rc4.plain

rc4.plain

Targets

- Target
  
  cf06da5168e14118d6ecdc23b00c397da94f3742ce20fd72e47cb7ba9197d8feN.exe
- Size
  
  676KB
- MD5
  
  5b3deb3070cd9f7e3d0d92b3809ad6e0
- SHA1
  
  c7e463361fc778e01c41905fb5a7559661d26bcf
- SHA256
  
  cf06da5168e14118d6ecdc23b00c397da94f3742ce20fd72e47cb7ba9197d8fe
- SHA512
  
  544140537645a304614a9d0c5db17a5040b64dd10df72f81d47279bec23f9bb2a68936c4a20b66bfd13a6622352b71b9357a259c611fc0b6122d424d69f169fb
- SSDEEP
  
  12288:YHcRey4pHcRey4pHcRey4+Z2E6lbYvjha5snTOuCX:YCqCqCLZf6lK2GTOnX
Score

10^/10

dridex 10111 botnet discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10111botnetdiscovery

behavioral2

dridex10111botnetdiscovery