dridex | 3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec | Triage

Analysis

max time kernel
134s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 06:58

Sharing

Report Analysis Logs

General

Target

3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec.exe
Size

344KB
MD5

778502fe46970dc78f9d82d3c73b2b50
SHA1

b1e820e8d828755201252e5ada49f964abb3a724
SHA256

3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec
SHA512

cc55227402dac0adcec568b3287fe31c04fc1472809def36efda401fbf4d69af23c83ed0c736049683082af5916701b2a65215d08b96f4365c33856c3f6633dc

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

198.61.168.254:443

198.199.106.229:5900

104.247.221.104:443

92.222.216.44:443

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral2/memory/4516-130-0x0000000000050000-0x00000000000A7000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec.exe
"C:\Users\Admin\AppData\Local\Temp\3a0d64454066910e3c88696e28148e30e8d0a375f98a167753179596e1799bec.exe"
1⤵
PID:4516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4516-130-0x0000000000050000-0x00000000000A7000-memory.dmp

Filesize
348KB

Download
memory/4516-133-0x0000000000EF0000-0x0000000000EF6000-memory.dmp

Filesize
24KB

Download