dridex | e61c53e819ecc0ca9f61f6c33dda797c94f4926bb2a245a35a166a64d84d362c | Triage

Analysis

max time kernel
96s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2022 03:01

Sharing

Report Analysis Logs

General

Target

e61c53e819ecc0ca9f61f6c33dda797c94f4926bb2a245a35a166a64d84d362c.dll
Size

280KB
MD5

d23331547cde74dd1e2f523fc0e651ad
SHA1

6df573c80533b26cab0329382805e013ba9c0e99
SHA256

e61c53e819ecc0ca9f61f6c33dda797c94f4926bb2a245a35a166a64d84d362c
SHA512

27fc3393e21534ef15d138b912ba46a6a626de3c2977a97c611b48f221888a4ed517151cafcd430f1f0a6504c529d73c124ef0009d0da51d4fa0d8df43330386

Score

10^/10

dridex botnet

Malware Config

Extracted

Family

dridex

C2

167.99.154.240:443

212.53.140.12:3389

87.118.70.66:8443

31.14.133.157:691

185.81.157.231:3389

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4304 wrote to memory of 3336	4304	rundll32.exe	rundll32.exe
PID 4304 wrote to memory of 3336	4304	rundll32.exe	rundll32.exe
PID 4304 wrote to memory of 3336	4304	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e61c53e819ecc0ca9f61f6c33dda797c94f4926bb2a245a35a166a64d84d362c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e61c53e819ecc0ca9f61f6c33dda797c94f4926bb2a245a35a166a64d84d362c.dll,#1
2⤵
PID:3336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3336-132-0x0000000000000000-mapping.dmp

Download
memory/3336-133-0x0000000074DD0000-0x0000000074DED000-memory.dmp

Filesize
116KB

Download
memory/3336-134-0x0000000074DD0000-0x0000000075727000-memory.dmp

Filesize
9.3MB

Download
memory/3336-136-0x0000000074DD0000-0x0000000075727000-memory.dmp

Filesize
9.3MB

Download
memory/3336-137-0x0000000074DD0000-0x0000000075727000-memory.dmp

Filesize
9.3MB

Download