General
- Static task: static1
- URLScan task: urlscan1
Sample: https://cryptomoneyinsider.biz/cryptopayself?cpm_id=108012425&cpm_cost=0.0015
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
- 194.150.118.7:443
- 49.212.179.180:3889
- 69.64.62.4:4443
rc4.plain: two RC4 key entries were extracted with the config; their values are not reproduced on this page.
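The extracted C2 list is the part of this report a SOC can act on directly. The script below is an added example, not part of the sandbox report: it takes the three ip:port pairs from the Dridex config above, scans connection logs for contact with them, and emits one Suricata rule per endpoint. The log lines are constructed for illustration in an assumed Zeek conn.log-like column order, and the sid values are arbitrary local numbers.

```python
"""Match the Dridex C2 endpoints extracted above against connection logs.

Added example; not code from the sandbox or the report. The C2 list is
copied from the extracted config on this page, the log lines are
constructed, and the log column order is an assumption.
"""
import ipaddress
import re
from typing import NamedTuple

# C2 endpoints as extracted from the Dridex config above (botnet 10111).
DRIDEX_C2 = [
    "194.150.118.7:443",
    "49.212.179.180:3889",
    "69.64.62.4:4443",
]


class Endpoint(NamedTuple):
    ip: ipaddress.IPv4Address
    port: int


def parse_endpoints(entries):
    """Parse 'ip:port' strings into validated Endpoint tuples."""
    out = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        out.append(Endpoint(ipaddress.IPv4Address(host), int(port)))
    return out


# Constructed sample log lines. Assumed column order (Zeek conn.log-like):
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
SAMPLE_CONN_LOG = """\
1700000000.1 C1 10.0.0.5 51234 194.150.118.7 443 tcp
1700000001.2 C2 10.0.0.5 51235 93.184.216.34 443 tcp
1700000002.3 C3 10.0.0.7 51236 49.212.179.180 3889 tcp
1700000003.4 C4 10.0.0.7 51237 194.150.118.7 80 tcp
1700000004.5 C5 10.0.0.9 51238 69.64.62.4 4443 tcp
"""

CONN_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def find_c2_connections(log_text, c2_entries=DRIDEX_C2, exact_port=True):
    """Return (uid, src, 'dst_ip:dst_port') for each connection to a known C2.

    exact_port=True matches only the ip+port pairs from the config.
    exact_port=False reports any connection to a C2 IP; lower confidence,
    but useful for hunting since a C2 host may listen on other ports.
    """
    endpoints = parse_endpoints(c2_entries)
    by_pair = {(ep.ip, ep.port) for ep in endpoints}
    by_ip = {ep.ip for ep in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue  # skip malformed or comment lines
        uid, src = m.group(2), m.group(3)
        dst_ip, dst_port = ipaddress.IPv4Address(m.group(5)), int(m.group(6))
        if (dst_ip, dst_port) in by_pair or (not exact_port and dst_ip in by_ip):
            hits.append((uid, src, f"{dst_ip}:{dst_port}"))
    return hits


def suricata_rules(c2_entries=DRIDEX_C2, sid_base=9000000):
    """Emit one Suricata rule per C2 endpoint (sid values are assumed, local)."""
    rules = []
    for i, ep in enumerate(parse_endpoints(c2_entries)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
            f'(msg:"Dridex botnet 10111 C2 contact {ep.ip}:{ep.port}"; '
            f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 hit:", hit)
    print("\n".join(suricata_rules()))
```

Run with exact_port=True for alerting on the exact pairs from the config, and exact_port=False as a broader hunt query; in the sample log the latter also surfaces the port-80 connection to 194.150.118.7, which the exact match skips.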
Targets
- Target: https://cryptomoneyinsider.biz/cryptopayself?cpm_id=108012425&cpm_cost=0.0015
Signatures
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  Note that "likely ransomware behaviour" is the generic description attached to this signature; the extracted config identifies the payload as Dridex (a banking trojan and loader), and drive enumeration on its own is not evidence of file encryption.