dridex | tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d[.]exe | Triage

Sharing

General

Target

tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe
Size

132KB
MD5

7eff73c1b8448ce059f5b3be69ca05ca
SHA1

e7e851d35d466ce5302531749df6bcc8dcb46d6d
SHA256

4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d
SHA512

da95c4518f109ef36ff09f7f468f8afc92f44686346ee0546be276fb9d77cecba7c60955d1a4ed170c7446bdd40fd0791ceb57e77531f13f1e33f221aec72b38

Score

10^/10

botnet loader 22202 dridex

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

185.122.58.89:443

136.144.131.189:808

50.116.109.66:8172

rc4.plain

rc4.plain

Signatures

Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
botnet loader

Processes:

resource yara_rule

sample dridex_ldr
Dridex family
dridex

Files

tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe
.dll windows x86

Exports

Exports

BindImage
FindFileInPath
GetSymLoadError
ImageGetDigestStream
ImageLoad
ImageUnload
RemoveRelocations
SymFreeDiaString
SymGetDiaSession