dridex | 4ba953a32ac41e1b5097f684b00a7d70N[.]exe

General

Target

4ba953a32ac41e1b5097f684b00a7d70N.exe
Size

117KB
MD5

4ba953a32ac41e1b5097f684b00a7d70
SHA1

79aa3a0868710a51d7b15001ce28f93cc8f41f4f
SHA256

ec1a6e15a90445b7b048927c9a46742424a67d129686a30486562a23831d59aa
SHA512

a2bbb1ea8dc5fbfd631f16c37ffc15c51dee3c745c31453f457070966e13ea0b2fe424aa06cbcbd54f67c8db9474e68282cf5529be24ff93a71a43aebaca248f
SSDEEP

3072:iQ7UKo8ztdcDu3FZ0/497Vafu6KRWoEabs1s:iYUKoAtdcDu1iw3ghuWQu

Score

10^/10

botnet loader 22203 dridex

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain

Signatures

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
sample	dridex_ldr

Dridex family
dridex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4ba953a32ac41e1b5097f684b00a7d70N.exe

Files

4ba953a32ac41e1b5097f684b00a7d70N.exe
.dll windows:6 windows x86 arch:x86

68b66fd5fe2322f1f5fcb9cf4ede12bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
IsBadReadPtr
HeapValidate
GetStringTypeA
GetStartupInfoA
GetLocaleInfoA
LoadLibraryA
GetConsoleOutputCP
FreeEnvironmentStringsA
FlushFileBuffers
DebugBreak
CreateFileA
GetLastError
GetEnvironmentStrings
OutputDebugStringA

user32

MessageBoxW

advapi32

GetUserNameW

Exports

Exports

PushRouter_Close
PushRouter_FreeMessage
PushRouter_GetMessage
PushRouter_Open
PushRouter_SubmitPush

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

68b66fd5fe2322f1f5fcb9cf4ede12bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 768B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 760B

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 768B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 760B