dridex | 451f265255305c331d282dc670f7bc1c18730e852ac7d605385421fd83bf7e34 | Triage

Analysis

max time kernel
129s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
07-03-2022 12:08

Sharing

Report Analysis Logs

General

Target

451f265255305c331d282dc670f7bc1c18730e852ac7d605385421fd83bf7e34.dll
Size

356KB
MD5

127de5b6f2a523f581a98df0f70cf606
SHA1

eb8c766d2975598a8743467390294cb54088c0d9
SHA256

451f265255305c331d282dc670f7bc1c18730e852ac7d605385421fd83bf7e34
SHA512

7fd1b600435fe3349e0a4359595a84d8eac527708cae452628598a84726a26b5bc6300e9deaa24f76e8fff8a5c1af042886b7a1b665fb6d8e8f728ed17eabab8

Score

10^/10

dridex 10555 botnet

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

175.126.167.148:443

173.249.20.233:8043

162.241.204.233:4443

138.122.143.40:8043

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3372 wrote to memory of 3160	3372	rundll32.exe	rundll32.exe
PID 3372 wrote to memory of 3160	3372	rundll32.exe	rundll32.exe
PID 3372 wrote to memory of 3160	3372	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\451f265255305c331d282dc670f7bc1c18730e852ac7d605385421fd83bf7e34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\451f265255305c331d282dc670f7bc1c18730e852ac7d605385421fd83bf7e34.dll,#1
2⤵
PID:3160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3160-130-0x0000000002A60000-0x0000000002A9D000-memory.dmp

Filesize
244KB

Download