dridex | 0b8d22a05a650febaf2d3cb1b786ceff34b33cedc722c9d8c0adc35855fa2824

Analysis

max time kernel
39s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b8d22a05a650febaf2d3cb1b786ceff34b33cedc722c9d8c0adc35855fa2824N.exe
Size

366KB
MD5

7cc01b1ff68f4d3cf42a2ff9c7122ad0
SHA1

78c7eb7bb622e0c1836a2d62bec56a83525b971e
SHA256

0b8d22a05a650febaf2d3cb1b786ceff34b33cedc722c9d8c0adc35855fa2824
SHA512

4aa1b138ae9ecbe08b090d30f35d8edc62f5f40409a2c3032af2a714a428866eea67248984a7ccba71576a5dc7ad9a6e003cf5572c6b720c3a03dc80bcd7754f
SSDEEP

6144:BuUfyIrWsUujF7DpzIhDyacsEv6P8xWWzv:AUaIrWPupJIheacsb0zv

Score

10^/10

dridex 10111 botnet discovery

Malware Config

Extracted

Family

dridex

Botnet

10111

87.98.218.33:443

54.38.143.246:691

92.38.128.47:3389

159.65.79.173:3886

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex
Dridex family
dridex

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b8d22a05a650febaf2d3cb1b786ceff34b33cedc722c9d8c0adc35855fa2824N.exe

C:\Users\Admin\AppData\Local\Temp\0b8d22a05a650febaf2d3cb1b786ceff34b33cedc722c9d8c0adc35855fa2824N.exe
"C:\Users\Admin\AppData\Local\Temp\0b8d22a05a650febaf2d3cb1b786ceff34b33cedc722c9d8c0adc35855fa2824N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-0-0x0000000000250000-0x0000000000277000-memory.dmp

Filesize
156KB

Download
memory/2552-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2552-2-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2552-3-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download