dridex | 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2

Analysis

max time kernel
48s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 12:25

Target

43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll
Size

180KB
MD5

fa79a77a543c98f91750d3ef0e96e75b
SHA1

516c9817fe52108cc1594bf9700d9ca57e386433
SHA256

43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2
SHA512

a8e3d30fe47952d1e79dce48075324b7b6728d46a88e50873bde91a60d0152ed6bb9dff14f5c99f5e2d8e2f8f76a5eed193cbe4cef70902ac4deb8736b0a7bbe
SSDEEP

3072:13U+o/fwAUfM8+NmXhjlAZ+SWlxT5H3zipQIoZeErkxUNBG0:FUZYxfM8+YXfq+SOxTxjipQjzk3

Score

10^/10

Family

dridex

Botnet

111

94.126.8.2:443

81.2.235.131:1688

178.63.156.139:3388

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 2 IoCs

Detects Dridex both x86 and x64 loader in memory.

Processes:

resource	yara_rule
behavioral2/memory/5112-0-0x0000000075530000-0x000000007555E000-memory.dmp	dridex_ldr
behavioral2/memory/5112-2-0x0000000075530000-0x000000007555E000-memory.dmp	dridex_ldr

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1440 wrote to memory of 5112	1440	rundll32.exe	rundll32.exe
PID 1440 wrote to memory of 5112	1440	rundll32.exe	rundll32.exe
PID 1440 wrote to memory of 5112	1440	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1440

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll,#1
2⤵
PID:5112

memory/5112-0-0x0000000075530000-0x000000007555E000-memory.dmp

Filesize
184KB

Download
memory/5112-1-0x0000000002290000-0x0000000002296000-memory.dmp

Filesize
24KB

Download
memory/5112-2-0x0000000075530000-0x000000007555E000-memory.dmp

Filesize
184KB

Download