Resubmissions

07-04-2021 12:06

210407-shcgk1rst2 10

Analysis

  • max time kernel
    125s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    07-04-2021 12:06

General

  • Target

    2020-04-14_20-25-01.bin.exe

  • Size

    260KB

  • MD5

    8a988984d3a01e7462c7db414247f3ca

  • SHA1

    95dc47b625c5ae8b165658cc24bcaec136faf479

  • SHA256

    afb5161c6f1903013a24a6fcd3b39210df5025f776ea7c35ebc8911fef8e1cca

  • SHA512

    b59b64af284f697da946df3b09f8e9bd7e84bc924c07e33db1b07d470724e3bf437b2907bd226ee249afe84f646948d71613c782ffdadee2af3c02021ad24274

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.45.179.186:443

54.38.143.246:691

159.65.79.173:3886

153.122.13.133:1443

rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2020-04-14_20-25-01.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\2020-04-14_20-25-01.bin.exe"
    1⤵
      PID:776

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/776-2-0x0000000075C61000-0x0000000075C63000-memory.dmp
      Filesize

      8KB

    • memory/776-3-0x0000000000400000-0x000000000042A000-memory.dmp
      Filesize

      168KB

    • memory/776-4-0x00000000001B0000-0x00000000001DA000-memory.dmp
      Filesize

      168KB