dridex | tmp/e9964d0f6bcb438ae78ffce9a93359a48de8c8150d7eadde22578385f9fb42ad[.]exe | Triage

Sharing

General

Target

tmp/e9964d0f6bcb438ae78ffce9a93359a48de8c8150d7eadde22578385f9fb42ad.exe
Size

117KB
MD5

a44471e5bb6e5577698c0aff854f0bf1
SHA1

fee0a1f386c4b543d0de1797593ab04c17ae0262
SHA256

e9964d0f6bcb438ae78ffce9a93359a48de8c8150d7eadde22578385f9fb42ad
SHA512

6537f97a150544456f502270dc23320ff7f2e025d2bf808c5624a6a2d1c6a06a64c7651b421ab7bea297eeff86417eb0d48fda74231182841f8e4cc5c55de5e0

Score

10^/10

botnet loader 22203 dridex

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

144.91.122.102:443

85.10.248.28:593

185.4.135.27:5228

80.211.3.13:8116

rc4.plain

rc4.plain

Signatures

Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
botnet loader

Processes:

resource yara_rule

sample dridex_ldr
Dridex family
dridex

Files

tmp/e9964d0f6bcb438ae78ffce9a93359a48de8c8150d7eadde22578385f9fb42ad.exe
.dll regsvr32 windows x86

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer