dridex | f5dce0d1a8fb0f0f905a7f20714e5b4e8788041fc61222641c362f1f8fe860d6 | Triage

Analysis

max time kernel
28s
max time network
52s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 12:18

Sharing

Report Analysis Logs

General

Target

f5dce0d1a8fb0f0f905a7f20714e5b4e8788041fc61222641c362f1f8fe860d6.exe
Size

738KB
MD5

e9a67d468109255b5ec498ae5a3a208f
SHA1

d12b135e79364468250b49e8e3cb20063dd8c2eb
SHA256

f5dce0d1a8fb0f0f905a7f20714e5b4e8788041fc61222641c362f1f8fe860d6
SHA512

99f9b888c8d7d5bd6750d921c36af2c7d225029d80ea476166f0d8ba177683b11fc3a08bcd715caf0433c29bd83b029eb6575f86d4dcd55c1062b70d4c1d9cd5

Score

10^/10

dridex 10111 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

185.230.161.62:3389

2.58.16.89:8443

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 'dmod' strings 1 IoCs

Detects 'dmod' strings in Dridex loader.

Processes:

resource	yara_rule
behavioral1/memory/1904-56-0x0000000000400000-0x00000000004BC000-memory.dmp	dridex_ldr_dmod

C:\Users\Admin\AppData\Local\Temp\f5dce0d1a8fb0f0f905a7f20714e5b4e8788041fc61222641c362f1f8fe860d6.exe
"C:\Users\Admin\AppData\Local\Temp\f5dce0d1a8fb0f0f905a7f20714e5b4e8788041fc61222641c362f1f8fe860d6.exe"
1⤵
PID:1904

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1904-54-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download
memory/1904-55-0x00000000003A0000-0x00000000003D9000-memory.dmp

Filesize
228KB

Download
memory/1904-56-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download