dridex | 67d2bd853a7d49cb55186ce583660be7e230ce820a79fbb1a1fa04088ed3243e

Analysis

max time kernel
32s
max time network
9s
platform
windows7_x64
resource
win7v200722
submitted
11-09-2020 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nwehe.bin.exe

Score

10^/10

dridex 10121 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10121

120.138.97.98:443

27.254.174.70:4443

144.217.7.207:4443

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
behavioral1/memory/1000-0-0x0000000000400000-0x000000000042C000-memory.dmp	dridex_ldr

Dridex Loader 'dmod' strings 1 IoCs

Detects 'dmod' strings in Dridex loader.

botnet loader

Processes:

resource	yara_rule
behavioral1/memory/1000-0-0x0000000000400000-0x000000000042C000-memory.dmp	dridex_ldr_dmod

C:\Users\Admin\AppData\Local\Temp\nwehe.bin.exe
"C:\Users\Admin\AppData\Local\Temp\nwehe.bin.exe"
1⤵
PID:1000

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1000-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download