dridex | 7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635 | Triage

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:01

Sharing

Report Analysis Logs

General

Target

7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635.dll
Size

361KB
MD5

b48e451bae8073a323a9c6038f950734
SHA1

5a7d276a64bb12b1b312c77da71360b88f793985
SHA256

7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635
SHA512

f9f1df09cc303efe037d76e9632e1021b6033eab489a7bef290aa9d5348a18cb6dc50ebcbc08cc00a00aebdc4ce6bbed763ec601a1d08348a1934e7c4f79a03a

Score

10^/10

dridex 10555 botnet

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

79.137.83.50:443

173.212.212.173:3074

80.86.81.31:3389

85.25.185.155:691

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1924	1600	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dd8bbb9b93ed61a35759dc69b44f1a250a8ee942cf331218918500e81ed1635.dll,#1
2⤵
PID:1924

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-54-0x0000000075CE1000-0x0000000075CE3000-memory.dmp

Filesize
8KB

Download
memory/1924-55-0x0000000073060000-0x000000007308C000-memory.dmp

Filesize
176KB

Download
memory/1924-56-0x0000000073060000-0x0000000073FCB000-memory.dmp

Filesize
15.4MB

Download
memory/1924-58-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download