dridex | ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b | Triage

Analysis

max time kernel
141s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
24-03-2022 11:11

Sharing

Report Analysis Logs

General

Target

ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll
Size

355KB
MD5

821e56271da5d7ab18c6eb49cb14abf5
SHA1

be56ac4b532620d9b3ec88c9b2530de0a6499d6a
SHA256

ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b
SHA512

79b2325efe8ad9e24e0f22ede0d824367986caf3133df86be86b89d39c8d4cd3811bc3ee0cca8746ceeea5c3c790b192be0cab7b2d9b005444f6756df97111f5

Score

10^/10

dridex 10555 botnet

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

175.126.167.148:443

173.249.20.233:8043

162.241.204.233:4443

138.122.143.40:8043

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2212 wrote to memory of 1948	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 1948	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 1948	2212	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll,#1
2⤵
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-134-0x0000000000000000-mapping.dmp

Download
memory/1948-135-0x0000000002DA0000-0x0000000002DDD000-memory.dmp

Filesize
244KB

Download