Analysis

  • max time kernel
    91s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    19-04-2022 04:46

General

  • Target

    c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a.exe

  • Size

    357KB

  • MD5

    aea2220d0abbe9972b82282b66a53507

  • SHA1

    aa5be15b31faedb8eeab6f2f6813c0e9ba9e17ea

  • SHA256

    c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a

  • SHA512

    01449ffcbe03fcc727887152102a4bb7c043dbbc5e59da3846d795cf3775e1af4e3a364e0dd9c8c1ccef85b76eb7118c0c26cacd05ab95a908a4e2773133f01a

Score
10/10

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

194.150.118.7:443

49.212.179.180:3889

69.64.62.4:4443

rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online-banking credentials. The extracted configuration above (botnet ID 10111 and three C2 endpoints, two of them on non-standard ports) is the actionable output of this run.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a.exe
    "C:\Users\Admin\AppData\Local\Temp\c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a.exe"
    PID: 1708

Downloads

  • memory/1708-130-0x0000000002080000-0x00000000020BC000-memory.dmp
    Filesize: 240KB

  • memory/1708-131-0x0000000000400000-0x000000000045C000-memory.dmp
    Filesize: 368KB
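
The following Python is an added example, not part of the sandbox report, showing how an analyst would turn the values on this page into something usable: it validates the three extracted C2 entries and emits one Suricata alert rule per endpoint (keyed on IP and port, since 3889 and 4443 are not ports a generic "HTTPS to the internet" rule would catch), and it parses the memory-dump file names to recover each region's size, which should agree with the Filesize values the report shows, and to pick out the dump that starts at 0x400000, the default image base for 32-bit PE executables and the dump to open in a disassembler first. A 368KB mapping of a 357KB file is consistent with the sample's own image mapped with section alignment. The Suricata rule text, the SID range and the function names are this example's own choices; every constant is copied from the report above.

```python
"""Added example: structured indicators from the report's extracted config
and memory-dump names. Constants are copied from the report on this page;
rule format, SID range and helper names are this example's own choices."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Indicators copied from the report above.
SAMPLE_SHA256 = "c64e6e7a18621216c9ce62ded0b9aed8d022e3aad12bbd4d641833282ff50f9a"
BOTNET_ID = 10111
C2_ENTRIES = ["194.150.118.7:443", "49.212.179.180:3889", "69.64.62.4:4443"]
DUMP_NAMES = [
    "memory/1708-130-0x0000000002080000-0x00000000020BC000-memory.dmp",
    "memory/1708-131-0x0000000000400000-0x000000000045C000-memory.dmp",
]


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entry: str) -> C2Endpoint:
    """Parse an 'ip:port' config entry, rejecting malformed addresses or ports."""
    host, sep, port_text = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 entry {entry!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError on a bad address
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in C2 entry {entry!r}")
    return C2Endpoint(str(ip), port)


def suricata_rules(entries: List[str], first_sid: int = 9000001) -> List[str]:
    """One alert rule per C2 tuple. The match is on destination IP and port
    for any IP protocol, so the non-standard ports (3889, 4443) are covered
    without guessing at the application protocol. SIDs are a local-range choice."""
    rules = []
    for offset, entry in enumerate(entries):
        c2 = parse_c2(entry)
        rules.append(
            f'alert ip $HOME_NET any -> {c2.ip} {c2.port} '
            f'(msg:"Dridex botnet {BOTNET_ID} C2 {c2.ip}:{c2.port}"; '
            f'metadata:sample_sha256 {SAMPLE_SHA256}; '
            f'classtype:trojan-activity; sid:{first_sid + offset}; rev:1;)'
        )
    return rules


# Dump names follow memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp.
DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_kb(self) -> int:
        return self.size // 1024


def parse_dump_name(name: str) -> DumpRegion:
    """Recover PID and address range from a dump file name; the size it yields
    should match the Filesize the report lists next to the dump."""
    match = DUMP_NAME_RE.match(name)
    if not match:
        raise ValueError(f"unrecognised dump name {name!r}")
    start, end = int(match["start"], 16), int(match["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return DumpRegion(int(match["pid"]), start, end)


def image_base_regions(names: List[str], base: int = 0x400000) -> List[DumpRegion]:
    """Dumps whose region starts at the PE image base: the in-memory image of
    the executable itself, which is where an unpacked payload normally sits."""
    return [r for r in (parse_dump_name(n) for n in names) if r.start == base]


if __name__ == "__main__":
    for rule in suricata_rules(C2_ENTRIES):
        print(rule)
    for name in DUMP_NAMES:
        region = parse_dump_name(name)
        print(f"{name}: pid={region.pid} size={region.size_kb}KB")
    print("image-base dumps:", [hex(r.start) for r in image_base_regions(DUMP_NAMES)])
```

Run the script as-is to print the three rules and the two region sizes; the 240KB and 368KB it computes from the address ranges are the same values the report lists, which is a quick sanity check that the dump names were copied intact.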