dridex | 3c3a9317925fe537227cc242ad27020787bd7f9ca3655cb34a1c277d725a40a3 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 08:11

Sharing

Report Analysis Logs

General

Target

3c3a9317925fe537227cc242ad27020787bd7f9ca3655cb34a1c277d725a40a3.exe
Size

306KB
MD5

cbb4661499c8eb1381c8ebd0e1b87122
SHA1

6ced2171af54977cfa04841c7813676cca136ec6
SHA256

3c3a9317925fe537227cc242ad27020787bd7f9ca3655cb34a1c277d725a40a3
SHA512

6b2e754eb8c1e3b1d93eb8be1989e8fba5c1bad92a74ab8c353284abc6d1046e8671fa95afcda0ddda807687e18a83936b6f363143d7ff3fd0561407e17770e3

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

46.105.131.86:443

5.39.91.110:691

5.133.242.156:170

64.22.124.239:691

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1272-56-0x0000000000400000-0x000000000046D000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\3c3a9317925fe537227cc242ad27020787bd7f9ca3655cb34a1c277d725a40a3.exe
"C:\Users\Admin\AppData\Local\Temp\3c3a9317925fe537227cc242ad27020787bd7f9ca3655cb34a1c277d725a40a3.exe"
1⤵
PID:1272

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1272-54-0x00000000005E9000-0x0000000000601000-memory.dmp

Filesize
96KB

Download
memory/1272-55-0x00000000005E9000-0x0000000000601000-memory.dmp

Filesize
96KB

Download
memory/1272-56-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download