Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    26s
  • max time network
    116s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    19-06-2021 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77252886d955e4cbe6cf8229776270f1e344e6863e67e683054d862fec45830c.dll

  • Size

    160KB

  • MD5

    f5b1d0a658763265c791d7a0b5475eee

  • SHA1

    b5ffc647b4e2d378817f23c66f448361293dca43

  • SHA256

    77252886d955e4cbe6cf8229776270f1e344e6863e67e683054d862fec45830c

  • SHA512

    09583fa283bc5ee8966a49df1ee14068465d606e0dfd0b02874da007068ac7b51e3fe05e21adf447a3c9e0a5131b70d99bdd2e9d0b142496e740d5e7e6b8ea0b

Score
10/10
dridex40111botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

94.247.168.64:443

159.203.93.122:8172

50.116.27.97:2303
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\77252886d955e4cbe6cf8229776270f1e344e6863e67e683054d862fec45830c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\77252886d955e4cbe6cf8229776270f1e344e6863e67e683054d862fec45830c.dll,#1
      2⤵
      • Checks whether UAC is enabled
      PID:2092

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2092-114-0x0000000000000000-mapping.dmp

    Download

  • memory/2092-115-0x0000000073ED0000-0x0000000073EFE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2092-117-0x00000000007D0000-0x00000000007D6000-memory.dmp

    Filesize

    24KB

    Download