Analysis
-
max time kernel
59s -
max time network
46s -
platform
windows7_x64 -
resource
win7 -
submitted
24-09-2020 07:38
Static task
static1
Behavioral task
behavioral1
Sample
DRIDEX (5).dll
Resource
win7
windows7_x64
0 signatures
0 seconds
General
-
Target
DRIDEX (5).dll
-
Size
320KB
-
MD5
ba63ad4202ec9c9c9e16f2e6e6e13eed
-
SHA1
53a76c846bb0800264abc9a0c5f448da9b51f72f
-
SHA256
147ebcc44853cc5a776a50bb099177d4d87e00960aec208d2283f0b0c8c08b99
-
SHA512
d359b89ccc3350ed2c1dff4c21e1bae1ada8a1a54324ed611a4d3ebfa577773d5d2cdb245104e8a921aaeb28eba31c49146e7b8c6e2d817a3042272e357c9e01
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
151.236.219.181:443
142.4.6.57:14043
162.144.127.197:3786
103.40.116.68:5443
rc4.plain
rc4.plain
Signatures
-
resource yara_rule behavioral1/memory/1452-1-0x0000000074880000-0x00000000748BD000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1124 wrote to memory of 1452 1124 rundll32.exe 24 PID 1124 wrote to memory of 1452 1124 rundll32.exe 24 PID 1124 wrote to memory of 1452 1124 rundll32.exe 24 PID 1124 wrote to memory of 1452 1124 rundll32.exe 24 PID 1124 wrote to memory of 1452 1124 rundll32.exe 24 PID 1124 wrote to memory of 1452 1124 rundll32.exe 24 PID 1124 wrote to memory of 1452 1124 rundll32.exe 24