dridex | f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b

Analysis

max time kernel
55s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll
Size

180KB
MD5

12288223f1aaf973f320d51e399affaf
SHA1

90148e1ed58dfa2043db612eecdcb99376cae56e
SHA256

f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b
SHA512

0e950e382a8227ba0dc19a0a08539129ad4f7ca3e068f5614b3a447fa39747c260e48da7b7ccdfb776fe7e310994da8a2c2cb6316ef01d2507f9dc07316f4f25
SSDEEP

3072:x3U+o/fwAUfM8+NmXhjlAZ+SWlxT5H3zipQIoZeErkxUNBG0:ZUZYxfM8+YXfq+SOxTxjipQjzk3

Score

10^/10

dridex 111 botnet loader

Malware Config

Extracted

Family

dridex

Botnet

111

94.126.8.2:443

81.2.235.131:1688

178.63.156.139:3388

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 2 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
behavioral2/memory/4960-0-0x0000000074FF0000-0x000000007501E000-memory.dmp	dridex_ldr
behavioral2/memory/4960-2-0x0000000074FF0000-0x000000007501E000-memory.dmp	dridex_ldr

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3740 wrote to memory of 4960	3740	rundll32.exe	rundll32.exe
PID 3740 wrote to memory of 4960	3740	rundll32.exe	rundll32.exe
PID 3740 wrote to memory of 4960	3740	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll,#1
2⤵
PID:4960

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4960-0-0x0000000074FF0000-0x000000007501E000-memory.dmp

Filesize
184KB

Download
memory/4960-1-0x00000000007D0000-0x00000000007D6000-memory.dmp

Filesize
24KB

Download
memory/4960-2-0x0000000074FF0000-0x000000007501E000-memory.dmp

Filesize
184KB

Download