Analysis

  • max time kernel
    50s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    18-05-2021 05:13

General

  • Target

    3c400726f0417e40e9eff27f87733dca8edee26f49b58fa26e78e7355bf9ff1d.exe

  • Size

    371KB

  • MD5

    9a4538d3d6531fc700f23273f9c12c44

  • SHA1

    f44927f8372340eb6352b538ae546752569ee736

  • SHA256

    3c400726f0417e40e9eff27f87733dca8edee26f49b58fa26e78e7355bf9ff1d

  • SHA512

    a465a811f704653bfc9c68cd0929ab6328fb2816ee7f9deeaf54bf5961d35b85c13a7e9f1424afb127135a902d411550c22306003b3e8da1534eb8a89846cd2c

Score
10/10

Malware Config

Extracted

Family

dridex

C2

164.132.75.109:443

89.22.113.245:691

81.2.235.155:8443

212.53.140.12:3389

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 1 IoCs

    Detects both the x86 and x64 Dridex loader in memory.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c400726f0417e40e9eff27f87733dca8edee26f49b58fa26e78e7355bf9ff1d.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3c400726f0417e40e9eff27f87733dca8edee26f49b58fa26e78e7355bf9ff1d.exe"
    PID: 860

Downloads

  • memory/860-114-0x00000000021A0000-0x00000000021C6000-memory.dmp
    Filesize: 152KB

  • memory/860-115-0x0000000000400000-0x000000000045F000-memory.dmp
    Filesize: 380KB