dridex | c70a58085a150022414711abbb6d2481016165bb389db7cfffa32bf47844c405 | Triage

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
24-07-2022 15:03

Sharing

Report Analysis Logs

General

Target

c70a58085a150022414711abbb6d2481016165bb389db7cfffa32bf47844c405.exe
Size

360KB
MD5

4a1a3219af53921e6f1791566f40a91d
SHA1

82523d7f3960d4816c09cbda9b7cd76694461197
SHA256

c70a58085a150022414711abbb6d2481016165bb389db7cfffa32bf47844c405
SHA512

a37b86fed099da96017eb24017c72106d219d0949c65cdf08ab168153f69d62d205bca38e656f012c02fd5cab6330f2aa628d19b882bd58f3856d91bf4f08853

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

139.59.246.59:443

159.69.89.90:3389

159.89.179.87:3389

62.210.26.206:3389

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/576-56-0x0000000000400000-0x000000000047C000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\c70a58085a150022414711abbb6d2481016165bb389db7cfffa32bf47844c405.exe
"C:\Users\Admin\AppData\Local\Temp\c70a58085a150022414711abbb6d2481016165bb389db7cfffa32bf47844c405.exe"
1⤵
PID:576

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-54-0x00000000005D8000-0x00000000005F0000-memory.dmp

Filesize
96KB

Download
memory/576-55-0x00000000005D8000-0x00000000005F0000-memory.dmp

Filesize
96KB

Download
memory/576-56-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download