dridex | 868d95b618e347d1eb20c5a64af0bb20c57a025df3550a9b352e0f700d8c0eec

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 15:39

Target

3558c13483c35c78eed1855995885971_JaffaCakes118.exe
Size

172KB
MD5

3558c13483c35c78eed1855995885971
SHA1

5f4cb0b46bba3434cf1e8b8c9de9cc0402168ae1
SHA256

868d95b618e347d1eb20c5a64af0bb20c57a025df3550a9b352e0f700d8c0eec
SHA512

f454e7a2a7351653816e86eaa9ac678fdb91ecc3b75106bfb2005d55a843c25f3981208846d3ff5f43d49eb08ecd8717220ac4df3cad30e58beff3e57720fba4
SSDEEP

3072:eZacIgtuRS0Ek1ie6TbyqmT9pm4u5Li+qvYxecyZQ5VCg:JN1RS0T136Tbqk5Li+4Sho

Score

10^/10

Family

dridex

185.14.148.44:3389

192.254.173.31:1443

185.52.3.84:3389

23.253.207.142:1443

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 2 IoCs

Detects Dridex both x86 and x64 loader in memory.

resource	yara_rule
behavioral1/memory/2568-0-0x0000000000210000-0x000000000023C000-memory.dmp	dridex_ldr
behavioral1/memory/2568-3-0x0000000000210000-0x000000000023C000-memory.dmp	dridex_ldr

C:\Users\Admin\AppData\Local\Temp\3558c13483c35c78eed1855995885971_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3558c13483c35c78eed1855995885971_JaffaCakes118.exe"
1⤵
PID:2568

memory/2568-0-0x0000000000210000-0x000000000023C000-memory.dmp

Filesize
176KB

Download
memory/2568-2-0x0000000000160000-0x0000000000166000-memory.dmp

Filesize
24KB

Download
memory/2568-3-0x0000000000210000-0x000000000023C000-memory.dmp

Filesize
176KB

Download