dridex | 3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0

General

Target

3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Size

167KB
MD5

0b2c355e45dc8fc2dff5a2b46aa81e5b
SHA1

e485b5133a03328bd7642f138c67ebe9befe2706
SHA256

3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0
SHA512

262dec8537c42e037117da4a93741afb5531e45e5df0586eb92af21066159bd3d946e6756a3fd16b362b5841ca02ce8aa0715dd4c583cf64f1d5b4f1ada4d619

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

46.105.131.86:443

5.39.91.110:691

5.133.242.156:170

64.22.124.239:691

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
behavioral1/memory/2036-54-0x0000000000400000-0x0000000000429000-memory.dmp	dridex_ldr

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe

description	pid	process
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Token: SeShutdownPrivilege	2036	3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe

C:\Users\Admin\AppData\Local\Temp\3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
"C:\Users\Admin\AppData\Local\Temp\3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2036

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2036-57-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing