dridex | 25b16667b3194dd3d15525eb88f274a305786de7e39fd789ff3da514379f7dcb

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-04-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll
Size

188KB
MD5

e5f13c6bb1109d1197126921de074041
SHA1

6c21987c6231db7514ce3b4c93e2ca3df76c4902
SHA256

25b16667b3194dd3d15525eb88f274a305786de7e39fd789ff3da514379f7dcb
SHA512

203104e4a72ac6848e60c358896871ae66e35dc30dc14c7e9a399972749e062f9ebddb2c26d24a09b2e90f9a20808f49ea2cf1f6e91e7dc69e3c2de7c9a9b148
SSDEEP

3072:gA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAolo:gzIqATVfQeV2FZalKq6jtGJWuTmd

Score

10^/10

dridex 22201 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

22201

103.82.248.59:443

54.39.98.141:6602

103.109.247.8:10443

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
behavioral1/memory/552-0-0x0000000074C20000-0x0000000074C50000-memory.dmp	dridex_ldr

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe
PID 2944 wrote to memory of 552	2944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll,#1
2⤵
PID:552

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/552-0-0x0000000074C20000-0x0000000074C50000-memory.dmp

Filesize
192KB

Download
memory/552-2-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download