dridex | 55606ec0621d4ab138128ead35eac831c0411c1916c875aa45095119c7ed61cd | Triage

Analysis

max time kernel
42s
max time network
19s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 11:30

Sharing

Report Analysis Logs

General

Target

872170525ea189b963304abd9e3db83b.exe
Size

392KB
MD5

9d1ee734aebefda9a0225a66012388d5
SHA1

5c08de8be6437ca68d67aa97a4d40e7559f7605e
SHA256

55606ec0621d4ab138128ead35eac831c0411c1916c875aa45095119c7ed61cd
SHA512

e9f9e098f5fd0016e9446553eab9ef3a141bf66180dd69e90da109b00a5084efbeb9d6205f600fc2d01142d07365b7a4c1720eb90204157682edeff2ddb98a8a

Score

10^/10

dridex 10121 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10121

C2

87.98.218.33:443

54.38.143.246:691

92.38.128.47:3389

159.65.79.173:3886

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1916-0-0x0000000000400000-0x000000000042D000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\872170525ea189b963304abd9e3db83b.exe
"C:\Users\Admin\AppData\Local\Temp\872170525ea189b963304abd9e3db83b.exe"
1⤵
PID:1916

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1916-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download