Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-06-2022 18:51

General

  • Target

    1f2780d6aa6e6076ab9c831b285b5ec486fc9fedac5c1c3a37bbdeea6ca74302.exe

  • Size

    164KB

  • MD5

    37fdb8a53694e2b81305a600a150a639

  • SHA1

    6bcd34fb44fa8319ff9496fee2b7d77e1d4b42df

  • SHA256

    1f2780d6aa6e6076ab9c831b285b5ec486fc9fedac5c1c3a37bbdeea6ca74302

  • SHA512

    f3591de6a15a7881524b2868b5929b99c24ce1374465657f610927fb283b73abe7fd37cd3f6d0745fb22b85053e6241c5a79c389e33ca9aa2a33d5861b4a8608

Score
10/10

Malware Config

Extracted

Family

dridex

C2

92.222.216.44:443

69.55.238.203:3389

198.199.106.229:5900

178.254.38.200:884

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is banking malware that specializes in stealing online-banking credentials.

  • Dridex Loader 1 IoCs

    Detects the Dridex loader, both x86 and x64 builds, in process memory.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f2780d6aa6e6076ab9c831b285b5ec486fc9fedac5c1c3a37bbdeea6ca74302.exe
    "C:\Users\Admin\AppData\Local\Temp\1f2780d6aa6e6076ab9c831b285b5ec486fc9fedac5c1c3a37bbdeea6ca74302.exe"
    PID: 1856


    Downloads

    • memory/1856-54-0x0000000000C50000-0x0000000000C7A000-memory.dmp
      Filesize

      168KB

    • memory/1856-57-0x0000000000080000-0x0000000000086000-memory.dmp
      Filesize

      24KB
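The extracted C2 list and the memory-dump names above are the parts of this report an analyst actually reuses. Three of the four C2 endpoints sit on ports whose registered service is not HTTPS (3389 is RDP, 5900 is VNC, 884 is unassigned in common use), so a workstation making outbound connections to Internet hosts on those ports is worth alerting on even without the IP match. The dump filenames also encode the region bounds, which lets you cross-check the stated sizes (0xC7A000 - 0xC50000 = 0x2A000 = 168 KiB; 0x86000 - 0x80000 = 0x6000 = 24 KiB). The following script is an added example, not part of the Triage report: it parses the report lines quoted above (reflowed onto one line per dump), verifies the region sizes, and matches a constructed firewall log against the C2 set. The helper names and the log lines are this example's own.

```python
"""Turn the Dridex sandbox report above into checkable indicators.

Added example, not part of the original report. REPORT below is copied from
the page (dump name and size reflowed onto one line); FW_LOG is constructed
for illustration, and the helper names are this example's own.
"""
import ipaddress
import re

# Verbatim from the report: the extracted C2 endpoints and the memory dumps.
REPORT = """
C2
92.222.216.44:443
69.55.238.203:3389
198.199.106.229:5900
178.254.38.200:884
Downloads
memory/1856-54-0x0000000000C50000-0x0000000000C7A000-memory.dmp 168KB
memory/1856-57-0x0000000000080000-0x0000000000086000-memory.dmp 24KB
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$", re.M)
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<kb>\d+)KB"
)
# Registered services for the ports seen in this config; anything not 443 is odd for HTTPS C2.
SERVICE = {443: "https", 3389: "rdp", 5900: "vnc"}


def parse_c2(text):
    """Return [(ip, port), ...] for every ip:port line, rejecting malformed entries."""
    out = []
    for ip, port in C2_RE.findall(text):
        ipaddress.IPv4Address(ip)  # raises ValueError on octets > 255
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port {port}")
        out.append((ip, port))
    return out


def parse_memory_dumps(text):
    """Decode each dump filename into PID, index, region bounds and stated size."""
    dumps = []
    for m in DUMP_RE.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        dumps.append({"pid": int(m["pid"]), "index": int(m["idx"]),
                      "start": start, "end": end,
                      "region_bytes": end - start, "stated_kb": int(m["kb"])})
    return dumps


def size_consistent(dump):
    """True if the region implied by the filename equals the stated KB size."""
    return dump["region_bytes"] == dump["stated_kb"] * 1024


def odd_port_hosts(c2):
    """C2 entries whose port is not 443, with the service normally found there."""
    return [(ip, p, SERVICE.get(p, "other")) for ip, p in c2 if p != 443]


# Constructed firewall log (not from the report); 203.0.113.7 is a documentation address.
FW_LOG = """
2022-06-12T18:52:01 ALLOW src=10.0.0.15:49811 dst=92.222.216.44:443 proto=tcp
2022-06-12T18:52:03 ALLOW src=10.0.0.15:49812 dst=203.0.113.7:443 proto=tcp
2022-06-12T18:52:09 ALLOW src=10.0.0.15:49815 dst=69.55.238.203:3389 proto=tcp
2022-06-12T18:52:11 DENY  src=10.0.0.22:50102 dst=198.199.106.229:80 proto=tcp
"""
LOG_RE = re.compile(r"src=(\S+):\d+ dst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def match_log(log, c2):
    """Split log lines into exact (ip AND port) C2 hits and ip-only hits.

    An ip-only hit (known C2 host, different port) is reported separately so it
    can be triaged rather than silently dropped or silently escalated.
    """
    exact, ip_only = [], []
    wanted, ips = set(c2), {ip for ip, _ in c2}
    for line in log.strip().splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        src, ip, port = m.group(1), m.group(2), int(m.group(3))
        if (ip, port) in wanted:
            exact.append((src, ip, port))
        elif ip in ips:
            ip_only.append((src, ip, port))
    return exact, ip_only


if __name__ == "__main__":
    c2 = parse_c2(REPORT)
    print("C2 endpoints:", c2)
    print("non-443 ports:", odd_port_hosts(c2))
    for d in parse_memory_dumps(REPORT):
        print(f"pid {d['pid']} region 0x{d['start']:X}-0x{d['end']:X}: "
              f"{d['region_bytes']} bytes, size consistent={size_consistent(d)}")
    print("log hits:", match_log(FW_LOG, c2))
```

Run as-is to see the four endpoints, the three non-443 entries, both dump regions checking out against their stated sizes, and two exact log hits plus one ip-only hit on port 80. Matching on ip and port together keeps the rule tight; the separate ip-only bucket is there because the same host can serve a different port after a config update.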