dridex | tmp/25b317eee0f008753b9c9c2de0efec5976493b89d30d91a5a65a4bf32a4872ce[.]exe | Triage

Sharing

General

Target

tmp/25b317eee0f008753b9c9c2de0efec5976493b89d30d91a5a65a4bf32a4872ce.exe
Size

117KB
MD5

06d3cb4ee8904249183e9193654f3aa8
SHA1

fc8b81a18f0b8705ac695b1bdd47290ff0cf97f4
SHA256

25b317eee0f008753b9c9c2de0efec5976493b89d30d91a5a65a4bf32a4872ce
SHA512

3f53e742f1f1bd0ad42cf9c8c6ffc79153579194d3b378336a047097925b937d4d56859474a91381c5788d093b9389ad02685905057dde19841da7bf6e53ff95

Score

10^/10

botnet loader 22203 dridex

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

144.91.122.102:443

85.10.248.28:593

185.4.135.27:5228

80.211.3.13:8116

rc4.plain

rc4.plain

Signatures

Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
botnet loader

Processes:

resource yara_rule

sample dridex_ldr
Dridex family
dridex

Files

tmp/25b317eee0f008753b9c9c2de0efec5976493b89d30d91a5a65a4bf32a4872ce.exe
.dll regsvr32 windows x86

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer