dridex | tmp/7699789b45a892bf0247e1d3f6a2244abfe7c7c9eeec3a95e243e5383667de5b[.]exe | Triage

Sharing

General

Target

tmp/7699789b45a892bf0247e1d3f6a2244abfe7c7c9eeec3a95e243e5383667de5b.exe
Size

117KB
MD5

0be9e1cb47c8e4f69374e316d75c32f8
SHA1

2ca68ee1c3570042cd152f9714b6f89d0458bb20
SHA256

7699789b45a892bf0247e1d3f6a2244abfe7c7c9eeec3a95e243e5383667de5b
SHA512

1f30cec0cf56b96fd75dbd8b84667683486ba0857554d64e3719e854cdcb3f54720c14026c7e9e2a43618fce9c4d1abf5d7dbc4d746bfd5114a558fa274dbe41

Score

10^/10

botnet loader 22201 dridex

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.91.122.102:443

85.10.248.28:593

185.4.135.27:5228

80.211.3.13:8116

rc4.plain

rc4.plain

Signatures

Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
botnet loader

Processes:

resource yara_rule

sample dridex_ldr
Dridex family
dridex

Files

tmp/7699789b45a892bf0247e1d3f6a2244abfe7c7c9eeec3a95e243e5383667de5b.exe
.dll regsvr32 windows x86

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer