dridex | 1a38b43a61cad2fba9077942ee0abd2fa55cba21cf52a90603bbfed39147a22a

Analysis

Target

w50lew.dll
Size

848KB
MD5

c172dffca245d2a779b6231ee0746134
SHA1

c1534cfccfc431b817cd16600cee32d3b52e980d
SHA256

1a38b43a61cad2fba9077942ee0abd2fa55cba21cf52a90603bbfed39147a22a
SHA512

cc128c989beef8d8de3de7537296c46e42ecc17fd22c2811734ae382ebc024ac0fdb369df72f1bc6e784aba8b18808743c6a35cac9295863831670e4add13ee2

Score

10^/10

dridex 10444 botnet

Family

dridex

Botnet

10444

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe
PID 880 wrote to memory of 1496	880	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\w50lew.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:880

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\w50lew.dll
2⤵
PID:1496

memory/880-54-0x000007FEFB6E1000-0x000007FEFB6E3000-memory.dmp

Filesize
8KB

Download
memory/1496-55-0x0000000000000000-mapping.dmp

Download
memory/1496-56-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1496-57-0x0000000074200000-0x00000000742E2000-memory.dmp

Filesize
904KB

Download
memory/1496-58-0x0000000074200000-0x000000007423D000-memory.dmp

Filesize
244KB

Download
memory/1496-59-0x0000000074200000-0x00000000742E2000-memory.dmp

Filesize
904KB

Download
memory/1496-61-0x0000000074200000-0x00000000742E2000-memory.dmp

Filesize
904KB

Download
memory/1496-62-0x0000000074200000-0x00000000742E2000-memory.dmp

Filesize
904KB

Download