dridex | 65edcfa02ed54445bd9a4efa1586cee02712271155b669cffb3db35c5a252097 | Triage

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-05-2022 06:40

Sharing

Report Analysis Logs

General

Target

65edcfa02ed54445bd9a4efa1586cee02712271155b669cffb3db35c5a252097.exe
Size

432KB
MD5

635146e05f126794d8518e34d7b743e1
SHA1

8e5e4a581672a3bd8b7b0a336dfeffee48afc550
SHA256

65edcfa02ed54445bd9a4efa1586cee02712271155b669cffb3db35c5a252097
SHA512

3cfb0e7f8b073d02d499d3193aafdb9ae33c1131d0175d9257d162c756a78b2cb0195beccde6ae963834e0ed40aa3c7a1606d6fae485f85d5f46fe9870cdd717

Score

10^/10

dridex 10111 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

185.230.161.62:3389

2.58.16.89:8443

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 'dmod' strings 1 IoCs

Detects 'dmod' strings in Dridex loader.

Processes:

resource	yara_rule
behavioral1/memory/1840-56-0x0000000000400000-0x000000000046F000-memory.dmp	dridex_ldr_dmod

C:\Users\Admin\AppData\Local\Temp\65edcfa02ed54445bd9a4efa1586cee02712271155b669cffb3db35c5a252097.exe
"C:\Users\Admin\AppData\Local\Temp\65edcfa02ed54445bd9a4efa1586cee02712271155b669cffb3db35c5a252097.exe"
1⤵
PID:1840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1840-54-0x0000000074F91000-0x0000000074F93000-memory.dmp

Filesize
8KB

Download
memory/1840-55-0x0000000000600000-0x0000000000639000-memory.dmp

Filesize
228KB

Download
memory/1840-56-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download