Analysis
-
max time kernel
58s -
max time network
110s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
02-11-2020 18:16
General
-
Target
bfe2mddol.dll
-
Size
752KB
-
MD5
fd3da0ce820ee753901011f520ecd2b1
-
SHA1
31c739f637c7588cd430c60566c2aea402f70a45
-
SHA256
1f4d7b9217afd5254350c56788693bee5ecaa46b7f7c07354045826910dacb3c
-
SHA512
267124d68055413495344847f8c068e9f90635407a17370f93ec1afae7b6a65c3f987e5acc84838b4a8b79c62c281341bd466027f377bc25e7cb52c6ded0a354
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
195.154.237.245:443
46.105.131.73:8172
91.238.160.158:18443
213.183.128.99:3786
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Blocklisted process makes network request 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bfe2mddol.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bfe2mddol.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4008-0-0x0000000000000000-mapping.dmp
-
memory/4008-1-0x0000000004950000-0x000000000498D000-memory.dmpFilesize
244KB