Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
18-11-2020 12:37
Behavioral task
behavioral1
Sample
ebfrx57.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
ebfrx57.dll
-
Size
539KB
-
MD5
99b10941dd60a6d6e9833ddd7dd8bf87
-
SHA1
819f39375b87402693f0d0e5f3434c5747234227
-
SHA256
1fd19222df72ea875613e81a37e94c30a25cb2d69d857159ee1d7fdfc8848348
-
SHA512
c9474466bb4ed8ff2661c26f407d9f7a59b9820f6e46181bbf76dd4fdd60d489626077c468fac8002941b788131e11c006cb78b541151ea70eda60d0e009b58d
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
rc4.plain
rc4.plain
Signatures
-
Processes:
resource yara_rule behavioral2/memory/3996-1-0x0000000001160000-0x000000000119D000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 1028 wrote to memory of 3996 1028 rundll32.exe rundll32.exe PID 1028 wrote to memory of 3996 1028 rundll32.exe rundll32.exe PID 1028 wrote to memory of 3996 1028 rundll32.exe rundll32.exe