General
Target: ghen5nlzip
Size: 556KB
Sample: 201112-zgphfxrh7s
MD5: ee69629c63e45daebdd031f840562b34
SHA1: 302b7da0d9472c75869d6c48eee9fb6b652dc618
SHA256: d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450
SHA512: 43033b847b28c5781b65d18a8ba898a6572b5b687b46ac03318604ee9e8aad6964f723265bb1375eecc0b66a411955823540661e1e2c3da29466a060804a5419
Static task: static1
Behavioral task: behavioral1
Sample: ghen5nlzip.dll
Resource: win7v20201028
Malware Config
Extracted
dridex
10444
77.220.64.39:443
69.164.207.140:3388
78.47.139.43:4443
103.244.206.74:33443
Targets
Target: ghen5nlzip
Blocklisted process makes network request
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.