dridex | e63419700590e021c61e68cfaccfbe5be4f31aba7fdf703d323c8b14365658e5

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
31-07-2022 05:07

Target

cspwge.dll
Size

425KB
MD5

7d99e955a5f92c1f7809bb6a6609af70
SHA1

a9eae703e5b501bd0ab767782ee4cfad467b736e
SHA256

e63419700590e021c61e68cfaccfbe5be4f31aba7fdf703d323c8b14365658e5
SHA512

e935fad23dc862daf1c55677d255b142f112ac1a6102614c672dd1e75f9c64a54e7266a8a1d45cc5de9b31e85db2281200d5cdb551d0dd544e8d08dddf2641b6

Score

10^/10

dridex 10555 botnet

Family

dridex

Botnet

10555

77.220.64.132:443

212.227.53.240:5037

192.241.174.45:8172

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe
PID 2032 wrote to memory of 1920	2032	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cspwge.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\cspwge.dll
2⤵
PID:1920

memory/1920-55-0x0000000000000000-mapping.dmp

Download
memory/1920-56-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/1920-57-0x0000000000AC0000-0x0000000000BAE000-memory.dmp

Filesize
952KB

Download
memory/1920-58-0x0000000000AC0000-0x0000000000BAE000-memory.dmp

Filesize
952KB

Download
memory/1920-59-0x0000000000AC0000-0x0000000000BAE000-memory.dmp

Filesize
952KB

Download
memory/2032-54-0x000007FEFBCF1000-0x000007FEFBCF3000-memory.dmp

Filesize
8KB

Download