dridex | 1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-06-2022 23:22

Sharing

Report Analysis Logs

General

Target

1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642.exe
Size

200KB
MD5

53eef713bbf89419afeacb5bf7bddd29
SHA1

faed27d721fdbbd70d952c2a0c4639f08b2bcda3
SHA256

1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642
SHA512

045184776c800b7deaad48c42df853e119b33d2d01c952e76801bd7b8fb2b72128f4c559a644fb0e80d6c3c4951aab8a0b6a5ead3d2e24510dd7f1f814d3f719

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

82.165.152.64:3389

217.16.188.20:170

66.228.47.181:443

64.22.124.239:691

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1836-54-0x0000000001120000-0x0000000001152000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642.exe
"C:\Users\Admin\AppData\Local\Temp\1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642.exe"
1⤵
PID:1836

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1836-54-0x0000000001120000-0x0000000001152000-memory.dmp

Filesize
200KB

Download
memory/1836-57-0x00000000000A0000-0x00000000000A6000-memory.dmp

Filesize
24KB

Download