dridex | bc4fa9cb6a6b349c6c4b975bf2f5785a063e3cc1ac6c8886f9bb00da5caaec76

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-01-2025 14:41

Target

bc4fa9cb6a6b349c6c4b975bf2f5785a063e3cc1ac6c8886f9bb00da5caaec76.exe
Size

365KB
MD5

37e25bdc32ec7a0698826c7c6a446825
SHA1

ebfd86d8fed465078f874752468cb25767325c2a
SHA256

bc4fa9cb6a6b349c6c4b975bf2f5785a063e3cc1ac6c8886f9bb00da5caaec76
SHA512

b6894aa49caaabe0bea13f59964499022851d2c56be0bc5415eca396677bdbd14f3d9d25bcee96a4ba13daa0feca29cbaa784509cc7c05f30e6fd868962138fe
SSDEEP

3072:BdOb5g2mc06HSamn/2AWbwvpS1IVrVOZHBvskLyAITytApFUKjbobZYy:yFRmc06yamHgIchvlWAI5pFVH8Zp

Score

10^/10

dridex botnet

Family

dridex

94.130.66.61:691

192.232.207.243:8443

185.10.202.137:1443

88.217.172.79:3386

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex
Dridex family
dridex

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2348	bc4fa9cb6a6b349c6c4b975bf2f5785a063e3cc1ac6c8886f9bb00da5caaec76.exe

C:\Users\Admin\AppData\Local\Temp\bc4fa9cb6a6b349c6c4b975bf2f5785a063e3cc1ac6c8886f9bb00da5caaec76.exe
"C:\Users\Admin\AppData\Local\Temp\bc4fa9cb6a6b349c6c4b975bf2f5785a063e3cc1ac6c8886f9bb00da5caaec76.exe"
1⤵
- Suspicious use of UnmapMainImage
PID:2348

memory/2348-0-0x00000000020B0000-0x00000000020D6000-memory.dmp

Filesize
152KB

Download
memory/2348-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2348-2-0x00000000020B0000-0x00000000020D6000-memory.dmp

Filesize
152KB

Download