67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518

General

Target: 67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518.exe
Filesize: 196KB
Completed: 06-08-2020 14:54
Score: 10/10
MD5: a95d24937acb3420ee94493db298b295
SHA1: 28aefcd3225e0d51de2dd25428745a36850d0ea1
SHA256: 67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518

Malware Config

Extracted

Family: dridex
Botnet: 20445
C2:
  213.136.94.177:443
  91.83.93.219:3389
  37.205.9.252:8443
  213.192.1.171:4646
rc4.plain
rc4.plain
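The extracted config above is the actionable part of this report for a defender: a botnet ID and four C2 endpoints, three of them on ports (3389, 4646, 8443) that are not normal web traffic. The following is an added example, not part of the sandbox output, that turns that config into an indicator set, checks constructed firewall log lines against it, and emits Suricata rules for the endpoints. The log line format, the field names and the SID range are assumptions for the example; the IP:port values are copied from the report.

```python
"""Added example: C2 indicators from the extracted Dridex config.
Not part of the sandbox report; log format and SIDs are assumptions."""
import ipaddress
import re
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report.
EXTRACTED_CONFIG = {
    "family": "dridex",
    "botnet": "20445",
    "c2": [
        "213.136.94.177:443",
        "91.83.93.219:3389",
        "37.205.9.252:8443",
        "213.192.1.171:4646",
    ],
}


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entries):
    """Parse 'ip:port' strings into endpoints; reject anything malformed so a
    bad config line fails loudly instead of silently producing no indicator."""
    endpoints = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError on non-IP hosts
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in {entry!r}")
        endpoints.append(C2Endpoint(host, port))
    return endpoints


# Constructed sample log (assumed format: "ts src_ip:port -> dst_ip:port proto").
SAMPLE_LOG = """\
2020-08-06T14:54:01Z 10.0.0.15:49712 -> 213.136.94.177:443 tcp
2020-08-06T14:54:02Z 10.0.0.15:49713 -> 93.184.216.34:443 tcp
2020-08-06T14:54:05Z 10.0.0.22:50101 -> 91.83.93.219:3389 tcp
2020-08-06T14:54:09Z 10.0.0.15:49720 -> 213.136.94.177:80 tcp
2020-08-06T14:54:11Z 10.0.0.31:51000 -> 213.192.1.171:4646 tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+) (?P<proto>\w+)$"
)


def match_c2_connections(log_text, endpoints):
    """Return (line, dst_ip, dst_port, exact) for every log line whose destination
    IP is in the C2 set. exact is True when the port matches the config too;
    an IP-only hit (same host, other port) is still worth an analyst's look."""
    ports_by_ip = {}
    for ep in endpoints:
        ports_by_ip.setdefault(ep.ip, set()).add(ep.port)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, port = m["dst_ip"], int(m["dst_port"])
        if ip in ports_by_ip:
            hits.append((line, ip, port, port in ports_by_ip[ip]))
    return hits


def suricata_rules(endpoints, botnet, base_sid=1000001):
    """Emit one Suricata rule per endpoint. The SID range is an assumption;
    pick one that does not collide with your existing rule sets."""
    return [
        f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
        f'(msg:"Dridex botnet {botnet} C2 {ep.ip}:{ep.port}"; '
        f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        for i, ep in enumerate(endpoints)
    ]


if __name__ == "__main__":
    eps = parse_c2(EXTRACTED_CONFIG["c2"])
    for line, ip, port, exact in match_c2_connections(SAMPLE_LOG, eps):
        print(("C2 HIT     " if exact else "C2 IP ONLY ") + line)
    print("\n".join(suricata_rules(eps, EXTRACTED_CONFIG["botnet"])))
```

The IP-only match is deliberate: Dridex C2 nodes are frequently reused on other ports, so a connection to a known C2 host on an unlisted port should be surfaced rather than discarded.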
Signatures (2)

  • Dridex

    Description

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description

    Detects the Dridex loader, both x86 and x64, in memory.

    Reported IOCs

    resource: behavioral1/memory/1060-1-0x0000000010000000-0x0000000010028000-memory.dmp
    yara_rule: dridex_ldr
Processes (1)
  • C:\Users\Admin\AppData\Local\Temp\67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518.exe
    "C:\Users\Admin\AppData\Local\Temp\67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518.exe"
    PID:1060
Network
MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed under any tactic in this report)
Downloads

  • memory/1060-0-0x0000000074600000-0x00000000747A3000-memory.dmp
  • memory/1060-1-0x0000000010000000-0x0000000010028000-memory.dmp