Analysis

  • max time kernel
    36s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    10-11-2020 11:00

General

  • Target

    08e5c20c4058f95ab6f34694e94766681188b21d6729961e4b7fb0e7c4d6f6cc.exe

  • Size

    615KB

  • MD5

    acd2dadb83a8a13ce6457664b7c4c2a8

  • SHA1

    4200144db92329f3a57ea1335e28073347100d3f

  • SHA256

    08e5c20c4058f95ab6f34694e94766681188b21d6729961e4b7fb0e7c4d6f6cc

  • SHA512

    1181912a5a1ba9c91b0c8da5dcb507beabdb479cd2b8de2b54d7a4e91202195b92b722b214cf90b96b71b606f8baf72a753bda09f9a3c5414ed9febd05181998

Malware Config

Extracted

Family

dridex

Botnet

10121

C2

87.98.218.33:443

54.38.143.246:691

92.38.128.47:3389

159.65.79.173:3886

rc4.plain

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 1 IoCs

    Detects both the x86 and x64 Dridex loaders in memory.

Processes

  • C:\Users\Admin\AppData\Local\Temp\08e5c20c4058f95ab6f34694e94766681188b21d6729961e4b7fb0e7c4d6f6cc.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5c20c4058f95ab6f34694e94766681188b21d6729961e4b7fb0e7c4d6f6cc.exe"
    PID: 1852

Downloads

  • memory/1852-0-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB