General
Target: ptytmbdu.dll
Size: 466KB
Sample: 201109-edapq7x6j2
MD5: b0be7de75e36cc4322c757184cc6f3c8
SHA1: 09ff86f5dbaab94cef3278cc4801463ebe9cef01
SHA256: fcd9abcb235ec7aea9a425394952653a57b44ba9233e934289d2b6892fac82b2
SHA512: b3ef6e0097399eff439bcda580c7ad08126dae194cbe5858d99aac1ccf91d56fcf7c2a9faa8246fbd8e06a47692be15ddb358f4f5f4e824ad97d20b5129c2586
Static task: static1
Behavioral task: behavioral1
Sample: ptytmbdu.dll
Resource: win7v20201028
Malware Config
Extracted
dridex
10444
38.88.126.131:443
145.239.169.32:8443
163.172.7.152:443
45.79.135.98:691
Targets
Blocklisted process makes network request
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.