dridex | 03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41

Analysis

Target

03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41.dll
Size

562KB
MD5

3d0fffa0fe157c3bffb917e6a8d9da2e
SHA1

3e7f43dda78e1d8136bbbb1bf28667d4632c661e
SHA256

03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41
SHA512

aede69afc0203edb7162e0fe48bdbc5ff6ab43945a478b5b0ccbb49aa81014778b1f14ceda25e21fd98bc224da24e962cc1124523a626f7488b3817dfeaeb926

Score

10^/10

Family

dridex

Botnet

10444

210.65.244.176:443

37.34.58.210:6601

77.220.64.141:5037

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 2 IoCs

Detects Dridex both x86 and x64 loader in memory.

resource	yara_rule
behavioral1/memory/2000-5-0x0000000074800000-0x000000007483D000-memory.dmp	dridex_ldr
behavioral1/memory/2000-6-0x0000000074800000-0x000000007483D000-memory.dmp	dridex_ldr

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26
PID 1088 wrote to memory of 2000	1088	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41.dll
  2⤵
  PID:2000

memory/1088-2-0x000007FEFBDA1000-0x000007FEFBDA3000-memory.dmp

Filesize
8KB

Download
memory/1220-8-0x000007FEF7900000-0x000007FEF7B7A000-memory.dmp

Filesize
2.5MB

Download
memory/2000-4-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download
memory/2000-5-0x0000000074800000-0x000000007483D000-memory.dmp

Filesize
244KB

Download
memory/2000-6-0x0000000074800000-0x000000007483D000-memory.dmp

Filesize
244KB

Download
memory/2000-7-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download