dridex | 20aa97b838f08205d972dac7e6a3bd522232f6c75d709a6b8beb512b92fd20ed | Triage

Analysis

max time kernel
20s
max time network
119s
platform
windows10_x64
resource
win10v20201028
submitted
15-11-2020 23:08

Sharing

Report Analysis Logs

General

Target

20aa97b838f08205d972dac7e6a3bd522232f6c75d709a6b8beb512b92fd20ed.exe
Size

511KB
MD5

7c8eb17dcda03499edebd8b5e6ba0010
SHA1

f7a6eb759b2c512dc83264d506b2ce2c572297f2
SHA256

20aa97b838f08205d972dac7e6a3bd522232f6c75d709a6b8beb512b92fd20ed
SHA512

56225e158e507a464f9ef13c9a4ad428728160f42a49f0dac65421ca4da8017ba819dc2ed1526d5794854ff25caacbd959412c41ba0345736f156c18d9fbb64c

Score

10^/10

dridex 10111 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

2.58.16.89:8443

37.139.2.140:3889

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral2/memory/632-0-0x0000000000400000-0x000000000043D000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\20aa97b838f08205d972dac7e6a3bd522232f6c75d709a6b8beb512b92fd20ed.exe
"C:\Users\Admin\AppData\Local\Temp\20aa97b838f08205d972dac7e6a3bd522232f6c75d709a6b8beb512b92fd20ed.exe"
1⤵
PID:632

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download