dridex | 67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518 | Triage

Resubmissions

06-08-2020 14:51

200806-bj3bhjvkn2 10

03-08-2020 13:54

200803-bpzg5zpq82 1

Analysis

max time kernel
24s
max time network
119s
platform
windows10_x64
resource
win10
submitted
06-08-2020 14:51

Sharing

Report Analysis Logs

General

Target

67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518.exe
Size

196KB
MD5

a95d24937acb3420ee94493db298b295
SHA1

28aefcd3225e0d51de2dd25428745a36850d0ea1
SHA256

67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518
SHA512

96b283a40c2aaf1bbe8251e0b7f506dced5f0cbd855faed2d03e7e28ef2fe515e9e8d0724af6f2db1b3a000a6566186f2d6ee87a325936b14a0759fa01c7da3f

Score

10^/10

dridex 20445 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

20445

C2

213.136.94.177:443

91.83.93.219:3389

37.205.9.252:8443

213.192.1.171:4646

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral2/memory/3832-0-0x0000000010000000-0x0000000010028000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518.exe
"C:\Users\Admin\AppData\Local\Temp\67b43b4c24de48616d165ac7d5f75e70191c66f5e9b204ce752904f475451518.exe"
1⤵
PID:3832

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3832-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download