Overview

overview

10

Static

static

3

aa83426bcc...95.dll

windows7-x64

10

aa83426bcc...95.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 00:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa83426bcc82c33e0fbc1ce96e0dfe95.dll

  • Size

    171KB

  • MD5

    aa83426bcc82c33e0fbc1ce96e0dfe95

  • SHA1

    42178099287beffe1c632f52e1e6391b6cb75bca

  • SHA256

    48d267f875bca7301f079a283305cba11ec8106e9ed76758c780ddb2cf847a59

  • SHA512

    4edc5fdb8c01d94ba1252f7ba95d0d4f28c7ac9499a2cd9223f6230ef4005269db17c6e5d2287a7f1feaf5638afc178cd932c3bebb2a178e3726da5310496d99

  • SSDEEP

    3072:9DZDVVA+DQ5JTOfEb18qFafjqvTwQJeWLq9NxbKejWGEjh:9zVAfqfER8qFOqv8eeWLqRb3dE

Score
10/10
dridex22203botnetloader

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

137.74.112.43:443

216.108.227.55:6225

94.177.176.51:5723
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa83426bcc82c33e0fbc1ce96e0dfe95.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa83426bcc82c33e0fbc1ce96e0dfe95.dll,#1
      2⤵
        PID:1028
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 612
          3⤵
          • Program crash
          PID:2076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1028 -ip 1028
      1⤵
        PID:4772

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1028-0-0x0000000075550000-0x0000000075580000-memory.dmp
        Filesize

        192KB

        Download
      • memory/1028-1-0x0000000000710000-0x0000000000716000-memory.dmp
        Filesize

        24KB

        Download