dridex | 1999fb25e7db0ed2dd684a5e2cf2cf2c31c7902f2fe0d004ddbc875c4d5ed396 | Triage

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-06-2022 06:01

Sharing

Report Analysis Logs

General

Target

1999fb25e7db0ed2dd684a5e2cf2cf2c31c7902f2fe0d004ddbc875c4d5ed396.exe
Size

398KB
MD5

590c8e3fe01165c92818941656444229
SHA1

4af1b4a1e36f18d89646f918d965dfe815bfd16e
SHA256

1999fb25e7db0ed2dd684a5e2cf2cf2c31c7902f2fe0d004ddbc875c4d5ed396
SHA512

3283d373b61dc219f6c0c644566547db89aa2eb50c200b4c64f7df687d379d16f10520df6598bdea466bb01fc89dd515e833d77d3b796f6902755e3055ab322f

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

136.243.32.231:443

64.22.124.239:691

138.197.76.168:443

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1592-56-0x0000000000400000-0x0000000000479000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\1999fb25e7db0ed2dd684a5e2cf2cf2c31c7902f2fe0d004ddbc875c4d5ed396.exe
"C:\Users\Admin\AppData\Local\Temp\1999fb25e7db0ed2dd684a5e2cf2cf2c31c7902f2fe0d004ddbc875c4d5ed396.exe"
1⤵
PID:1592

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1592-54-0x000000000032D000-0x0000000000345000-memory.dmp

Filesize
96KB

Download
memory/1592-55-0x000000000032D000-0x0000000000345000-memory.dmp

Filesize
96KB

Download
memory/1592-56-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download