Overview

overview

10

Static

static

9

95da382150...12.exe

windows7_x64

10

95da382150...12.exe

windows10_x64

10

Analysis

  • max time kernel
    76s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    15-11-2020 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95da3821502bdd543aea4407bc691e892e060af6aa285846574403d2b4885912.exe

  • Size

    392KB

  • MD5

    275bd6c0a1a409d8eb2daa02d95b9ed9

  • SHA1

    bde29b62caf4afd7b639362a4aa853c995031571

  • SHA256

    95da3821502bdd543aea4407bc691e892e060af6aa285846574403d2b4885912

  • SHA512

    a16a61b064db2d9b0f30b088cad9509a8a88dfc06e6c62a0dcce0775134231e7b9d172644303a07ae5091f628a48c46a5a8dee9cb6b7b8b7fe19ee43dc8150b7

Score
10/10
dridex10121botnetloader

Malware Config

Extracted

Family

dridex

Botnet

10121

C2

87.98.218.33:443

54.38.143.246:691

92.38.128.47:3389

159.65.79.173:3886
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader

Processes

  • C:\Users\Admin\AppData\Local\Temp\95da3821502bdd543aea4407bc691e892e060af6aa285846574403d2b4885912.exe
    "C:\Users\Admin\AppData\Local\Temp\95da3821502bdd543aea4407bc691e892e060af6aa285846574403d2b4885912.exe"
    1⤵
      PID:1672

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1672-0-0x0000000000400000-0x000000000042D000-memory.dmp
      Filesize

      180KB

      Download