Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
09-11-2020 20:21
General
-
Target
SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll
-
Size
647KB
-
MD5
cd63f0981882dc0eae43d92879b23b90
-
SHA1
71eb9e3940d1353930f9c006c5757f588a6d0d28
-
SHA256
bb0063629c3a51ea01a188e9f89e0a8b2ca68030d0cdaac6bd84cd100007cfc3
-
SHA512
a3c14d37081861be863f99d044c18bf3aede33c9265e845b55eb5c870d8b368f7eb39a499e699165c3e57661475430d9a38b299b8a063f79314b85038a260748
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
bot5
Campaign
bot5
C2
https://militanttra.at/owg.php
rc4.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1324-5-0x000007FEF7FE0000-0x000007FEF825A000-memory.dmpFilesize
2.5MB
-
memory/1720-1-0x00000000000D0000-0x0000000000107000-memory.dmpFilesize
220KB
-
memory/1720-2-0x0000000000110000-0x0000000000111000-memory.dmpFilesize
4KB
-
memory/1720-3-0x00000000000D0000-0x0000000000107000-memory.dmpFilesize
220KB
-
memory/1720-4-0x0000000000000000-mapping.dmp
-
memory/1820-0-0x0000000000000000-mapping.dmp