Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
25-07-2022 16:38
General
-
Target
553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe
-
Size
344KB
-
MD5
1eb9fe6bed911288e1e184b838cab440
-
SHA1
ace940ecdb5f34ac018930ae7e9ff14333c6fbcf
-
SHA256
553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77
-
SHA512
6aa7aa4c00b997d6e1a1fc33deb72e596cf62830260feaca628c675464266c62d55b2f4a31596ff3da0b0dafd503bbd7f68a5bf7c9daa63b8e571ed540c78b9f
Score
10/10
Malware Config
Extracted
Family
dridex
C2
184.106.153.73:443
88.220.65.41:3389
66.228.47.181:443
198.199.106.229:5900
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe"C:\Users\Admin\AppData\Local\Temp\553cebfb4f6aab50390207ec9d0370edad33d7c7ac99d32b12481d4f452ebb77.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3460-130-0x0000000000620000-0x0000000000677000-memory.dmpFilesize
348KB
-
memory/3460-133-0x0000000000B10000-0x0000000000B8A000-memory.dmpFilesize
488KB
-
memory/3460-134-0x0000000000B10000-0x0000000000B8A000-memory.dmpFilesize
488KB