dridex | 115aadf551d130f5485bc57f0eb7a5dad8182cd27072772fd07f6b30846704e3 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
02-05-2022 00:13

Sharing

Report Analysis Logs

General

Target

115aadf551d130f5485bc57f0eb7a5dad8182cd27072772fd07f6b30846704e3.exe
Size

662KB
MD5

23f6bb92bc26d91c85dc5bc7ef39dc13
SHA1

d447edcb50992d48047098e4d5cefc6f5ff0d380
SHA256

115aadf551d130f5485bc57f0eb7a5dad8182cd27072772fd07f6b30846704e3
SHA512

96792671ecc13f9ac5d4d526ca7bcb821e9a2355195a22fde51c5f5c4a805140b4f235351b59d00687bc1c576b648de40486aaf55190093a2615e9f683039592

Score

10^/10

dridex 10111 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

185.230.161.62:3389

2.58.16.89:8443

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 'dmod' strings 1 IoCs

Detects 'dmod' strings in Dridex loader.

Processes:

resource	yara_rule
behavioral1/memory/1152-56-0x0000000000400000-0x00000000004AC000-memory.dmp	dridex_ldr_dmod

C:\Users\Admin\AppData\Local\Temp\115aadf551d130f5485bc57f0eb7a5dad8182cd27072772fd07f6b30846704e3.exe
"C:\Users\Admin\AppData\Local\Temp\115aadf551d130f5485bc57f0eb7a5dad8182cd27072772fd07f6b30846704e3.exe"
1⤵
PID:1152

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-54-0x00000000763E1000-0x00000000763E3000-memory.dmp

Filesize
8KB

Download
memory/1152-55-0x00000000001B0000-0x00000000001E9000-memory.dmp

Filesize
228KB

Download
memory/1152-56-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download