Overview

overview

10

Static

static

3

1e109b28ab...dd.dll

windows7-x64

10

1e109b28ab...dd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 09:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1e109b28ab2529fa7ad0b0e6e477c5dd.dll

  • Size

    188KB

  • MD5

    1e109b28ab2529fa7ad0b0e6e477c5dd

  • SHA1

    8347828ea0d9de7d599d0ab663e56c5ccd7e440d

  • SHA256

    997f3fe765740586a96461aadc8cc0d29dc6a5faf3785159b1903fe91331b2b0

  • SHA512

    257c270ab918b72ff333876f146a36fd581af8448e1fb53986f8debb2e7b9af6281b0660f5ee5e50842962b0a51ea18bd22d82595f7988677cdc92b1bc6dd7a2

  • SSDEEP

    3072:XH0uyjZqEpAK+Gf78TBdrXkTM5vhRg9Esf0DwvtyMpVnpA+z6tX8sxKViWZ7dU:XUua/Pv7YNhRIEZDeXVpAxtMsxK

Score
10/10
dridex22201botnetloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.82.248.59:443

54.39.98.141:6602

103.109.247.8:10443
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e109b28ab2529fa7ad0b0e6e477c5dd.dll,#1
    1⤵
      PID:1500
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 692
        2⤵
        • Program crash
        PID:3872
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e109b28ab2529fa7ad0b0e6e477c5dd.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3504
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1500 -ip 1500
      1⤵
        PID:680

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1500-1-0x0000000000BE0000-0x0000000000BE6000-memory.dmp

              Filesize

              24KB

              Download

            • memory/1500-0-0x0000000075340000-0x0000000075370000-memory.dmp

              Filesize

              192KB

              Download