dridex | 553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77 | Triage

Analysis

max time kernel
31s
max time network
44s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
25-07-2022 16:38

Sharing

Report Analysis Logs

General

Target

553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe
Size

344KB
MD5

1eb9fe6bed911288e1e184b838cab440
SHA1

ace940ecdb5f34ac018930ae7e9ff14333c6fbcf
SHA256

553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77
SHA512

6aa7aa4c00b997d6e1a1fc33deb72e596cf62830260feaca628c675464266c62d55b2f4a31596ff3da0b0dafd503bbd7f68a5bf7c9daa63b8e571ed540c78b9f

Score

10^/10

dridex botnet loader

Malware Config

Extracted

Family

dridex

C2

184.106.153.73:443

88.220.65.41:3389

66.228.47.181:443

198.199.106.229:5900

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral1/memory/1972-55-0x0000000001220000-0x0000000001277000-memory.dmp	dridex_ldr

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe

pid process

1972 553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe

C:\Users\Admin\AppData\Local\Temp\553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe
"C:\Users\Admin\AppData\Local\Temp\553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-54-0x0000000075311000-0x0000000075313000-memory.dmp

Filesize
8KB

Download
memory/1972-55-0x0000000001220000-0x0000000001277000-memory.dmp

Filesize
348KB

Download
memory/1972-58-0x0000000000110000-0x0000000000116000-memory.dmp

Filesize
24KB

Download