dridex | 34384f226cd2e1e9d3feef9befdec2413abb8df59f1af245504810e61b3910b0 | Triage

Sharing

General

Target

34384f226cd2e1e9d3feef9befdec2413abb8df59f1af245504810e61b3910b0.zip
Size

607KB
Sample

250325-v7t16stlv3
MD5

361fbf74c957e1bde0048cc8bcbbd07d
SHA1

72f4326b6830921b47b71f796746c28d955fa7a3
SHA256

34384f226cd2e1e9d3feef9befdec2413abb8df59f1af245504810e61b3910b0
SHA512

a35c1117e0cb27688cf70e2aafa3487ee0b6f911829bddf7449265a74c2cf3ccfc0b45717baf6d0f22b61de30ef4f99cc89941f7b77135945bee5ef92a9dbb93
SSDEEP

12288:9I+UXG6+839uDyK8AteiJMGtdmXu1Pr8EUtJj0Tnf5Km7oVZ+RblbL:S+mGhiuDyEeKMgdmXqrdMdSnsDoBbL

Score

10^/10

dridex 10444 botnet discovery

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7.dll
- Size
  
  848KB
- MD5
  
  f82d6953d7261f02eecd7cf2342f4514
- SHA1
  
  a18b47ee1c5dd5a80043f3b13b454ab987212cb3
- SHA256
  
  0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7
- SHA512
  
  568b380a9e9883c7d37467b223ec725f76e6ab8c9dc480ce68e074627fe445e9925de750a7ea78e7b1226f66caa3e69abf7bf916badf32a1f01518ed8eb4585b
- SSDEEP
  
  12288:53K8zfRHTVvV/iicxxOdUnyRsy8xLtNalpxIEdRgHCF7RuOwFQLQN41APA31uIEj:9K8zxhtafyS2jIEiCiQGk1f
Score

10^/10

dridex 10444 botnet discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetdiscovery

behavioral2

dridex10444botnetdiscovery