Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-07-2022 17:11

General

  • Target

    f24a6b05ff39fb749a39ef9c848f3e9be73807123729879e1cb130464ea193e9.exe

  • Size

    292KB

  • MD5

    d2629536720c268f7f7d262cc3ef94cb

  • SHA1

    121557a26d59e064c9c28bfa062aa8a832950200

  • SHA256

    f24a6b05ff39fb749a39ef9c848f3e9be73807123729879e1cb130464ea193e9

  • SHA512

    23206a1ca33e89b1ed2d103d1666a51a5c72515edacdf25a868cf408d28bba5275e2b7f9155282dcd9b80a19669ec72001b1ccd504c2b4ad2bfcd600e74ad536

Score
10/10

Malware Config

Extracted

Family

dridex

C2

138.197.76.168:443

5.133.242.156:170

5.39.91.110:691

85.234.143.94:170

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 1 IoCs

    Detects the Dridex loader, both the x86 and x64 variants, in memory.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f24a6b05ff39fb749a39ef9c848f3e9be73807123729879e1cb130464ea193e9.exe
    "C:\Users\Admin\AppData\Local\Temp\f24a6b05ff39fb749a39ef9c848f3e9be73807123729879e1cb130464ea193e9.exe"
    PID: 1480

Downloads

  • memory/1480-54-0x000000000A2A0000-0x000000000A2F3000-memory.dmp
    Filesize
    332KB

  • memory/1480-57-0x00000000001A0000-0x00000000001A6000-memory.dmp
    Filesize
    24KB