dridex | 0d02d3159a1191378b2e4d6306079ba499bfe4bbe3c4c43982352b488acd10f9

Analysis

max time kernel
51s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 14:26

Target

0d02d3159a1191378b2e4d6306079ba499bfe4bbe3c4c43982352b488acd10f9.exe
Size

787KB
MD5

0b52525faa9bde4bbf60ac20b5220e03
SHA1

611e5fbffcd7c1856fe7d9133ad6c50b5c3c56e2
SHA256

0d02d3159a1191378b2e4d6306079ba499bfe4bbe3c4c43982352b488acd10f9
SHA512

02f4d4d987c51935468acaacefc01fd79fbecba4f341d4ebaa6157af3b1f151e979f4f423c3e10fa86063511e1deb8735bebeb33d759dc457b7e8a180a3c2cb6
SSDEEP

6144:dmmO19e3qlOslMkn0an0D/jwsi5iC3Aip5ui8eYRKM1+ZpvpQKv+fFLXF2py4n0G:ENLPHLiHipGoM1D2+fBybn/

Score

10^/10

Family

dridex

Botnet

10111

217.20.166.177:443

54.38.143.246:691

92.38.128.47:3389

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex
Dridex family
dridex

Dridex Loader 'dmod' strings 3 IoCs

Detects 'dmod' strings in Dridex loader.

resource	yara_rule
behavioral1/memory/2744-1-0x0000000000400000-0x000000000042C000-memory.dmp	dridex_ldr_dmod
behavioral1/memory/2744-2-0x0000000000400000-0x000000000042C000-memory.dmp	dridex_ldr_dmod
behavioral1/memory/2744-3-0x0000000000400000-0x00000000004C8000-memory.dmp	dridex_ldr_dmod

C:\Users\Admin\AppData\Local\Temp\0d02d3159a1191378b2e4d6306079ba499bfe4bbe3c4c43982352b488acd10f9.exe
"C:\Users\Admin\AppData\Local\Temp\0d02d3159a1191378b2e4d6306079ba499bfe4bbe3c4c43982352b488acd10f9.exe"
1⤵
PID:2744

memory/2744-0-0x0000000000220000-0x000000000024B000-memory.dmp

Filesize
172KB

Download
memory/2744-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2744-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2744-3-0x0000000000400000-0x00000000004C8000-memory.dmp

Filesize
800KB

Download