Analysis

  • max time kernel
    102s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12-06-2022 23:22

General

  • Target

    1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642.exe

  • Size

    200KB

  • MD5

    53eef713bbf89419afeacb5bf7bddd29

  • SHA1

    faed27d721fdbbd70d952c2a0c4639f08b2bcda3

  • SHA256

    1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642

  • SHA512

    045184776c800b7deaad48c42df853e119b33d2d01c952e76801bd7b8fb2b72128f4c559a644fb0e80d6c3c4951aab8a0b6a5ead3d2e24510dd7f1f814d3f719

Score
10/10

Malware Config

Extracted

Family

dridex

C2

82.165.152.64:3389

217.16.188.20:170

66.228.47.181:443

64.22.124.239:691

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

  • Dridex Loader 1 IoCs

    Detects the Dridex loader (both x86 and x64 variants) in memory.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1dd04f68980746cb71556b2b6c5bebf0f8d120051d1a76888d9c7af522f06642.exe"
    PID: 2992

Downloads

  • memory/2992-130-0x00000000018D0000-0x0000000001902000-memory.dmp
    Filesize
    200KB

  • memory/2992-133-0x0000000001830000-0x0000000001836000-memory.dmp
    Filesize
    24KB