dridex | 08fa74b7dc35541bf89569cb098f2c56a45f80f71661961b360aff81f04126b8

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 14:59

Target

7d46b2f1f1e8a32b6e3c28d92eca9d21.dll
Size

188KB
MD5

7d46b2f1f1e8a32b6e3c28d92eca9d21
SHA1

925f15cfba1d0539f6f24c2a34a7387f67231a65
SHA256

08fa74b7dc35541bf89569cb098f2c56a45f80f71661961b360aff81f04126b8
SHA512

97f4ef25efa69af5c082b9f4fefcc8121e78f8484db0f2e36b895e983544b8cc24334439d433f57b73f1ec45499047ee9d8c5c85296e7ac21b313d1d5f99a313
SSDEEP

3072:1A8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoco:1zIqATVfQeV2FZalKq6jtGJWuTmd

Score

10^/10

Family

dridex

Botnet

22201

103.82.248.59:443

54.39.98.141:6602

103.109.247.8:10443

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

resource	yara_rule
behavioral1/memory/2844-0-0x0000000074C20000-0x0000000074C50000-memory.dmp	dridex_ldr

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28
PID 2384 wrote to memory of 2844	2384	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d46b2f1f1e8a32b6e3c28d92eca9d21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d46b2f1f1e8a32b6e3c28d92eca9d21.dll,#1
  2⤵
  PID:2844

memory/2844-0-0x0000000074C20000-0x0000000074C50000-memory.dmp

Filesize
192KB

Download
memory/2844-1-0x0000000000130000-0x0000000000136000-memory.dmp

Filesize
24KB

Download