Analysis
-
max time kernel
62s -
max time network
16s -
platform
windows7_x64 -
resource
win7v200722 -
submitted
24-09-2020 07:38
Static task
static1
Behavioral task
behavioral1
Sample
DRIDEX.dll
Resource
win7v200722
windows7_x64
0 signatures
0 seconds
General
-
Target
DRIDEX.dll
-
Size
320KB
-
MD5
871c3af229204f1b42629653571536df
-
SHA1
5e05260708897ac30bba409f234dd157044ab7dd
-
SHA256
1f8dc085e250847f7a31d7785710be49b17eed1e1c6e460478e2e5232bda689a
-
SHA512
e1036a37f761c2815046c5d7f021bae2f877c9202337449f2d52c07d9eed05e021f4d31b072542dde9b4dac0bed8a1499ce7891546e90812c0d2ec67f04f0af0
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
151.236.219.181:443
142.4.6.57:14043
162.144.127.197:3786
103.40.116.68:5443
rc4.plain
rc4.plain
Signatures
-
resource yara_rule behavioral1/memory/1012-1-0x0000000075310000-0x000000007534D000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1332 wrote to memory of 1012 1332 rundll32.exe 24 PID 1332 wrote to memory of 1012 1332 rundll32.exe 24 PID 1332 wrote to memory of 1012 1332 rundll32.exe 24 PID 1332 wrote to memory of 1012 1332 rundll32.exe 24 PID 1332 wrote to memory of 1012 1332 rundll32.exe 24 PID 1332 wrote to memory of 1012 1332 rundll32.exe 24 PID 1332 wrote to memory of 1012 1332 rundll32.exe 24