dridex | 260db678801137488c7c048a9df213ab927747018c0351723155e135faa347a6 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
16-06-2022 09:48

Sharing

Report Analysis Logs

General

Target

260db678801137488c7c048a9df213ab927747018c0351723155e135faa347a6.exe
Size

204KB
MD5

e6a9a8f486c5b28ff455b0055e8a9d2c
SHA1

b97c0cf60c038016315ba0e21d83e566feeda921
SHA256

260db678801137488c7c048a9df213ab927747018c0351723155e135faa347a6
SHA512

0a69d4999d4584f9eb6fbb663dfb5e8b0869663ff08c864db9dcf2a5a5b750bd1d6f3aab7425b8058099cfbde6280a9857609825d18fa5ad83a6ae80a230d59e

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

45.137.151.151:443

50.116.86.205:8443

91.205.215.68:3389

107.170.24.125:8443

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1676-54-0x0000000000960000-0x0000000000995000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\260db678801137488c7c048a9df213ab927747018c0351723155e135faa347a6.exe
"C:\Users\Admin\AppData\Local\Temp\260db678801137488c7c048a9df213ab927747018c0351723155e135faa347a6.exe"
1⤵
PID:1676

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-54-0x0000000000960000-0x0000000000995000-memory.dmp

Filesize
212KB

Download
memory/1676-57-0x0000000000080000-0x0000000000086000-memory.dmp

Filesize
24KB

Download