dridex | 80f32b32d9b3b455935c2e21d12afd9471ad59b674aabe040443b39c6994829e | Triage

Analysis

max time kernel
98s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
02-05-2022 00:13

Sharing

Report Analysis Logs

General

Target

80f32b32d9b3b455935c2e21d12afd9471ad59b674aabe040443b39c6994829e.exe
Size

450KB
MD5

ae6cf592a7918eeb32582e3320750a13
SHA1

63885d7b3f4112823f9a4c64dc20022d29473e5c
SHA256

80f32b32d9b3b455935c2e21d12afd9471ad59b674aabe040443b39c6994829e
SHA512

dd352a1c608ba5beb65b95b8a05394a34310450d44e187c8de4d1b5bc0d7144f38c95ff4cc59118915cad261922ff296cf26870c3555e5631e9b28bc7d0c6a6e

Score

10^/10

dridex 10111 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

185.230.161.62:3389

2.58.16.89:8443

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 'dmod' strings 1 IoCs

Detects 'dmod' strings in Dridex loader.

Processes:

resource	yara_rule
behavioral2/memory/4796-131-0x0000000000400000-0x0000000000473000-memory.dmp	dridex_ldr_dmod

C:\Users\Admin\AppData\Local\Temp\80f32b32d9b3b455935c2e21d12afd9471ad59b674aabe040443b39c6994829e.exe
"C:\Users\Admin\AppData\Local\Temp\80f32b32d9b3b455935c2e21d12afd9471ad59b674aabe040443b39c6994829e.exe"
1⤵
PID:4796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4796-130-0x0000000002200000-0x0000000002239000-memory.dmp

Filesize
228KB

Download
memory/4796-131-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download