ef5ai1p.dll
General
Target    | ef5ai1p.dll
Filesize  | 539KB
Completed | 19-11-2020 18:08
Score     | 10/10
MD5       | 1ba0b20a2d03d8af03a7faa42b06417f
SHA1      | 4c528bb2afd93d8cb1199d05dc33d77e08f0ee88
SHA256    | f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452
Malware Config
Extracted
Family    | dridex
Botnet    | 10444
C2        | 162.241.44.26:9443
          | 192.232.229.53:4443
          | 77.220.64.34:443
          | 193.90.12.121:3098
rc4.plain | (no value shown in report)
rc4.plain | (no value shown in report)
Signatures (3)

Dridex
Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Tags: none

Dridex Loader
Description: Detects the Dridex loader, both x86 and x64 builds, in memory.
Tags: none
Reported IOCs
resource | yara_rule
behavioral2/memory/4828-1-0x0000000000AC0000-0x0000000000AFD000-memory.dmp | dridex_ldr
Suspicious use of WriteProcessMemory
Process: rundll32.exe
Reported IOCs
description | pid | process | target process
PID 4768 wrote to memory of 4828 | 4768 | rundll32.exe | rundll32.exe
PID 4768 wrote to memory of 4828 | 4768 | rundll32.exe | rundll32.exe
PID 4768 wrote to memory of 4828 | 4768 | rundll32.exe | rundll32.exe
Processes (2)
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef5ai1p.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef5ai1p.dll,#1
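As an added example, not part of the sandbox report: the two detection opportunities this report exposes are a rundll32.exe instance writing into another process (PID 4768 into PID 4828 above) and the four C2 endpoints extracted for botnet 10444. The Python below turns both into detection logic run over constructed, Sysmon-like process-access and network-connect events (the dict field names are this example's own, not Sysmon's schema), and adds a hash check against the report's MD5/SHA1/SHA256 for triaging a file in hand. It generalizes the process-access rule to rundll32.exe writing into any other process, and builds in the caveat a practitioner would want: a 64-bit rundll32.exe handed a 32-bit DLL re-launches the SysWOW64 rundll32.exe itself, so a system32-to-SysWOW64 rundll32 write is scored lower than other cross-process writes and should be confirmed by a memory scan, which is what the dridex_ldr hit on PID 4828 in this report provides.

```python
"""Added example (not from the sandbox report): detection logic built from
this report's IOCs. Event dicts are a constructed, simplified stand-in for
Sysmon ProcessAccess (EID 10) and NetworkConnect (EID 3) records; the field
names are this example's own, not Sysmon's schema."""
import hashlib
from typing import Iterable, Optional

# C2 endpoints from the report's Malware Config (Dridex, botnet 10444).
DRIDEX_C2 = {
    ("162.241.44.26", 9443),
    ("192.232.229.53", 4443),
    ("77.220.64.34", 443),
    ("193.90.12.121", 3098),
}
DRIDEX_C2_HOSTS = {ip for ip, _ in DRIDEX_C2}

# Sample hashes from the report's General section.
REPORT_HASHES = {
    "md5": "1ba0b20a2d03d8af03a7faa42b06417f",
    "sha1": "4c528bb2afd93d8cb1199d05dc33d77e08f0ee88",
    "sha256": "f5951b345050e10fa0d3b70b42e6b56d5a720a7a67c381345e33c145e2ba2452",
}

# Constructed telemetry. The first and fourth events mirror the report
# (PID 4768 -> 4828 write, a connection from 4828); the rest are invented
# controls that exercise each branch of the detectors.
SAMPLE_EVENTS = [
    {"type": "process_access", "source_pid": 4768, "target_pid": 4828,
     "source_image": r"C:\Windows\system32\rundll32.exe",
     "target_image": r"C:\Windows\SysWOW64\rundll32.exe"},
    {"type": "process_access", "source_pid": 2200, "target_pid": 640,
     "source_image": r"C:\Windows\SysWOW64\rundll32.exe",
     "target_image": r"C:\Windows\explorer.exe"},
    {"type": "process_access", "source_pid": 4768, "target_pid": 4768,  # self-write
     "source_image": r"C:\Windows\system32\rundll32.exe",
     "target_image": r"C:\Windows\system32\rundll32.exe"},
    {"type": "network_connect", "pid": 4828, "dest_ip": "162.241.44.26",
     "dest_port": 9443, "image": r"C:\Windows\SysWOW64\rundll32.exe"},
    {"type": "network_connect", "pid": 4828, "dest_ip": "77.220.64.34",
     "dest_port": 8443, "image": r"C:\Windows\SysWOW64\rundll32.exe"},  # listed host, other port
    {"type": "network_connect", "pid": 3100, "dest_ip": "93.184.216.34",
     "dest_port": 443, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
]


def image_name(path: str) -> str:
    """Case-folded file name of an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_like_wow64_relaunch(ev: dict) -> bool:
    """Heuristic: a 64-bit rundll32 handed a 32-bit DLL re-launches the
    SysWOW64 copy of rundll32 itself, so a system32 -> SysWOW64 rundll32
    write matches that pattern and is not by itself proof of injection."""
    return (image_name(ev["target_image"]) == "rundll32.exe"
            and "\\system32\\" in ev["source_image"].lower()
            and "\\syswow64\\" in ev["target_image"].lower())


def detect_rundll32_write(ev: dict) -> Optional[dict]:
    """Flag rundll32.exe writing into a process other than itself."""
    if ev.get("type") != "process_access" or ev["source_pid"] == ev["target_pid"]:
        return None
    if image_name(ev["source_image"]) != "rundll32.exe":
        return None
    severity = "medium" if looks_like_wow64_relaunch(ev) else "high"
    return {"rule": "rundll32_cross_process_write", "severity": severity,
            "source_pid": ev["source_pid"], "target_pid": ev["target_pid"],
            "note": "confirm with a memory scan of the target"
                    if severity == "medium" else "likely injection"}


def detect_c2(ev: dict) -> Optional[dict]:
    """Exact ip:port match is high; a listed host on another port is medium."""
    if ev.get("type") != "network_connect":
        return None
    endpoint = (ev["dest_ip"], ev["dest_port"])
    if endpoint in DRIDEX_C2:
        return {"rule": "dridex_10444_c2", "severity": "high",
                "pid": ev["pid"], "endpoint": endpoint}
    if ev["dest_ip"] in DRIDEX_C2_HOSTS:
        return {"rule": "dridex_10444_c2_host", "severity": "medium",
                "pid": ev["pid"], "endpoint": endpoint}
    return None


def scan(events: Iterable[dict]) -> list:
    """Run every detector over every event; alerts come back in event order."""
    alerts = []
    for ev in events:
        for detector in (detect_rundll32_write, detect_c2):
            hit = detector(ev)
            if hit is not None:
                alerts.append(hit)
    return alerts


def hash_matches(data: bytes) -> dict:
    """Report which of the sample's three hashes a file's bytes reproduce."""
    return {name: hashlib.new(name, data).hexdigest() == expected
            for name, expected in REPORT_HASHES.items()}


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

On the constructed events, scan(SAMPLE_EVENTS) returns four alerts: the system32-to-SysWOW64 rundll32 write at medium, the SysWOW64 rundll32 write into explorer.exe at high, the exact C2 match at high, and the listed-host/unlisted-port connection at medium; the self-write and the browser connection produce nothing. hash_matches() on a local file's bytes shows which of the report's hashes match, so a partial match (e.g. MD5 only) stands out as something to look at rather than a simple yes/no.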
Network
No network events are listed in this report.

MITRE ATT&CK Matrix
No techniques are mapped in this report.
Downloads
memory/4828-0-0x0000000000000000-mapping.dmp
memory/4828-1-0x0000000000AC0000-0x0000000000AFD000-memory.dmp