dridex | tmp/f99d1236a1f56745c2fcee8e97b464595c2d8af5caeec99a95532de28f74d055[.]exe | Triage

Sharing

General

Target

tmp/f99d1236a1f56745c2fcee8e97b464595c2d8af5caeec99a95532de28f74d055.exe
Size

132KB
MD5

1eabb6d464f7245f5a357600e5fbcdb2
SHA1

751c3e9c19fc62ead178f2554ef2c3965ff2b33f
SHA256

f99d1236a1f56745c2fcee8e97b464595c2d8af5caeec99a95532de28f74d055
SHA512

026cab0412480de005d4d0dd9177510a145b1658f2f3158bf91ab46d2cf303ebec553d4c4240b6e184891fc34c4987ea89f3856e68756e857a7fe8ec9fa1790c

Score

10^/10

botnet loader 22202 dridex

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

185.122.58.89:443

136.144.131.189:808

50.116.109.66:8172

rc4.plain

rc4.plain

Signatures

Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
botnet loader

Processes:

resource yara_rule

sample dridex_ldr
Dridex family
dridex

Files

tmp/f99d1236a1f56745c2fcee8e97b464595c2d8af5caeec99a95532de28f74d055.exe
.dll windows x86

Exports

Exports

BindImage
FindFileInPath
GetSymLoadError
ImageGetDigestStream
ImageLoad
ImageUnload
RemoveRelocations
SymFreeDiaString
SymGetDiaSession