Analysis
-
max time kernel
47s -
max time network
113s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-01-2021 02:09
General
-
Target
SecuriteInfo.com.Trojan.Dridex.735.4639.21745.dll
-
Size
848KB
-
MD5
3e93dcf625ee1f66fbb247c0de88feb5
-
SHA1
a6ad0a26067dea33b7ec42ec6b7764862103030f
-
SHA256
6628e8dc46b9a20fd44b83573e692c13fbfd7a970d5062dfa3f4bc96e0989525
-
SHA512
a287c2254f9f2b6a2909e1c3eb4e696b8c8ad8f5f1b44fa9d9b9c13d91545a9fc5252f84d5f5471f30ae558901102eb18474ef05334b915830e84ebf635b1f09
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 3 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.735.4639.21745.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.735.4639.21745.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/8-2-0x0000000000000000-mapping.dmp
-
memory/8-3-0x0000000073C70000-0x0000000073CAD000-memory.dmpFilesize
244KB
-
memory/8-4-0x0000000073C70000-0x0000000073CAD000-memory.dmpFilesize
244KB
-
memory/8-5-0x0000000002F40000-0x0000000002F41000-memory.dmpFilesize
4KB
-
memory/8-6-0x0000000073C70000-0x0000000073CAD000-memory.dmpFilesize
244KB