dridex | 905960957f03c7a56deaee448ac8fff59f7aad97619ee5a98eb220b9cebee849 | Triage

Analysis

max time kernel
134s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-06-2022 17:06

Sharing

Report Analysis Logs

General

Target

v2x2vexx.dll
Size

638KB
MD5

e5a1785a5b06c596107a75eb1e51454b
SHA1

3e44a3cb67613f11aae1f9189cbd9ea100d3a1f2
SHA256

905960957f03c7a56deaee448ac8fff59f7aad97619ee5a98eb220b9cebee849
SHA512

b046c5a02446652df5271b97b3785ba6d5e593cc639388f3c22e4c3ef9ecf2fab3fc08c761e9c167e8840aa12fcdfa9a978d9409e165890306a64d987e7c373f

Score

10^/10

dridex 10444 botnet

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

193.37.215.79:443

81.2.235.131:1688

178.63.156.139:3388

rc4.plain

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3308 wrote to memory of 3660	3308	rundll32.exe	rundll32.exe
PID 3308 wrote to memory of 3660	3308	rundll32.exe	rundll32.exe
PID 3308 wrote to memory of 3660	3308	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\v2x2vexx.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\v2x2vexx.dll,#1
2⤵
PID:3660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3660-130-0x0000000000000000-mapping.dmp

Download
memory/3660-131-0x0000000000750000-0x000000000079B000-memory.dmp

Filesize
300KB

Download
memory/3660-132-0x0000000000BF0000-0x0000000000C2D000-memory.dmp

Filesize
244KB

Download