dridex | 0619b0b3b9ad8c87bb66e75cb036d7a6edaef2a6d170ea3ef91176316991aec4 | Triage

Sharing

General

Target

0619b0b3b9ad8c87bb66e75cb036d7a6edaef2a6d170ea3ef91176316991aec4.zip
Size

481KB
Sample

250325-erecsa1shs
MD5

7294e88d89543cec05bcb86faf673c6e
SHA1

bc6fc37589cf893d7d49814c1fe8879166623c2b
SHA256

0619b0b3b9ad8c87bb66e75cb036d7a6edaef2a6d170ea3ef91176316991aec4
SHA512

f84a576394ebcdbb6dbccccd034f6a0fffc6b2e33291c67d7aab43458da2d64af397174755c40727efb7c80d5d2e1d5c2349605a8be2324f67e0c0f4bafda907
SSDEEP

12288:P7+VMYZ6J3ikPpf7PmrgF/B0pV9NqHcX+/ZSuy/gV8ESXS+LIP:PKe06J3ikPpDesF5Ar7uhYSLP

Score

10^/10

dridex 10555 botnet discovery

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  9f38af84820dc29e805029409bbb2a5765036775973e3898b6db1f66c1b47270.dll
- Size
  
  630KB
- MD5
  
  3ce5469a7a34b52cc10fd3f17c29b3a5
- SHA1
  
  d6b121e7a8ed0e94c2e89e33ea6828290f858e90
- SHA256
  
  9f38af84820dc29e805029409bbb2a5765036775973e3898b6db1f66c1b47270
- SHA512
  
  6e9746d0377d6a5d09ee0d8cc7cb8660443420868e6be21cb587293b4869fc45793a55a9c6d44b46fce7dcbb722535954882dd6f4f126448b1f03e56fb916bb2
- SSDEEP
  
  12288:wWgj44r+TR9BOlTxYprswC+x/c52TCEGlviDkjG4nTehyMYH:Be44iQlTxKp5TCEGlhFTehyMYH
Score

10^/10

dridex 10555 botnet discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10555botnetdiscovery

behavioral2

dridex10555botnetdiscovery