dridex | 25211331af23100e2c90643d9f73cf85a2ce830f10ebc0878c83a3195e7d58a1 | Triage

Analysis

max time kernel
100s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-06-2022 20:04

Sharing

Report Analysis Logs

General

Target

25211331af23100e2c90643d9f73cf85a2ce830f10ebc0878c83a3195e7d58a1.exe
Size

292KB
MD5

2bdade0a5e081d53d4df491da8c86618
SHA1

3ee31f1e7756ed2215e08f5626cf6ee6223bc239
SHA256

25211331af23100e2c90643d9f73cf85a2ce830f10ebc0878c83a3195e7d58a1
SHA512

b7b699212f609ccbc74fc409cc822d79af893b892064e0e541b45d94e7c7ad05a624923e67d32c3fabf9dc7c74724a5a37fc833e536bacd84b3fe2e9361e123c

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

138.197.76.168:443

5.133.242.156:170

5.39.91.110:691

85.234.143.94:170

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral2/memory/3896-130-0x000000000AD70000-0x000000000ADC3000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\25211331af23100e2c90643d9f73cf85a2ce830f10ebc0878c83a3195e7d58a1.exe
"C:\Users\Admin\AppData\Local\Temp\25211331af23100e2c90643d9f73cf85a2ce830f10ebc0878c83a3195e7d58a1.exe"
1⤵
PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3896-130-0x000000000AD70000-0x000000000ADC3000-memory.dmp

Filesize
332KB

Download
memory/3896-132-0x0000000000E10000-0x0000000000E16000-memory.dmp

Filesize
24KB

Download