dridex | 6cf9ddc4bb1e5639988385225eaaa6fc37a933088a79caeec7b5da1da9c58989 | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 03:18

Sharing

Report Analysis Logs

General

Target

6cf9ddc4bb1e5639988385225eaaa6fc37a933088a79caeec7b5da1da9c58989.exe
Size

168KB
MD5

58be35554a0bbbc7c4ccaddaf780bd55
SHA1

bd6b809d8fd98e3e58a632620b08d33822dab985
SHA256

6cf9ddc4bb1e5639988385225eaaa6fc37a933088a79caeec7b5da1da9c58989
SHA512

efdbaf35f85b118c75dc02593f5a521934f79464434743dc1f5f12504ac90e4866a6c0ce4afa3a6a4e292723c1bb86159163c359934f64beb8df4f80a14e6403

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

162.243.82.116:443

152.89.236.214:1443

192.254.173.31:1443

74.208.74.92:1443

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/336-54-0x0000000000810000-0x000000000083B000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\6cf9ddc4bb1e5639988385225eaaa6fc37a933088a79caeec7b5da1da9c58989.exe
"C:\Users\Admin\AppData\Local\Temp\6cf9ddc4bb1e5639988385225eaaa6fc37a933088a79caeec7b5da1da9c58989.exe"
1⤵
PID:336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-54-0x0000000000810000-0x000000000083B000-memory.dmp

Filesize
172KB

Download
memory/336-57-0x00000000000A0000-0x00000000000A6000-memory.dmp

Filesize
24KB

Download