dridex | 3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec | Triage

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220414-en
submitted
25-06-2022 06:58

Sharing

Report Analysis Logs

General

Target

3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec.exe
Size

344KB
MD5

778502fe46970dc78f9d82d3c73b2b50
SHA1

b1e820e8d828755201252e5ada49f964abb3a724
SHA256

3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec
SHA512

cc55227402dac0adcec568b3287fe31c04fc1472809def36efda401fbf4d69af23c83ed0c736049683082af5916701b2a65215d08b96f4365c33856c3f6633dc

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

198.61.168.254:443

198.199.106.229:5900

104.247.221.104:443

92.222.216.44:443

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/972-55-0x0000000000A50000-0x0000000000AA7000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec.exe
"C:\Users\Admin\AppData\Local\Temp\3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec.exe"
1⤵
PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-54-0x0000000075D21000-0x0000000075D23000-memory.dmp

Filesize
8KB

Download
memory/972-55-0x0000000000A50000-0x0000000000AA7000-memory.dmp

Filesize
348KB

Download
memory/972-58-0x00000000000D0000-0x00000000000D6000-memory.dmp

Filesize
24KB

Download