Fhdtme10.bin

General

Target: Fhdtme10.bin.dll
Filesize: 590KB
Completed: 20-11-2020 05:31
Score: 10/10
MD5: 429d63af6c900c0c2f7c2b82dec86a7e
SHA1: 6f3c788b9223c6d99d34235c86bcc00056a2c73f
SHA256: b6c782d71a48aaf6b23d0c9f2f6490c008d8f3f87d43b3c1a6f18343ddc63874

Malware Config

Extracted

Family: dridex
Botnet: 10555
C2:
  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098
rc4.plain
rc4.plain
Signatures 3

  • Dridex

    Description

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description

    Detects the Dridex loader, both x86 and x64, in memory.

    Reported IOCs

    resource                                                                    | yara_rule
    behavioral2/memory/1136-1-0x0000000004ED0000-0x0000000004F0D000-memory.dmp | dridex_ldr
  • Suspicious use of WriteProcessMemory

    rundll32.exe

    Reported IOCs

    description                     | pid | process      | target process
    PID 828 wrote to memory of 1136 | 828 | rundll32.exe | rundll32.exe
    PID 828 wrote to memory of 1136 | 828 | rundll32.exe | rundll32.exe
    PID 828 wrote to memory of 1136 | 828 | rundll32.exe | rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fhdtme10.bin.dll,#1
    Suspicious use of WriteProcessMemory
    PID:828
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fhdtme10.bin.dll,#1
      PID:1136
Network
MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/1136-0-0x0000000000000000-mapping.dmp
  • memory/1136-1-0x0000000004ED0000-0x0000000004F0D000-memory.dmp