Analysis

  Max time kernel:  13s
  Max time network: 112s
  Platform:         windows10_x64
  Resource:         win10v20201028
  Submitted:        18-11-2020 23:20

  Static task:      static1
  Behavioral task:  behavioral1
    Sample:         s.bin.dll
    Resource:       win7v20201028 (windows7_x64)
    0 signatures, 0 seconds
General

  Target: s.bin.dll
  Size:   540KB
  MD5:    bf44f8eef8654d6b2ce11c302351e02a
  SHA1:   a6fd4a421ca6041f91cb7ce63a6c33f2a1fde0c1
  SHA256: 581a2419d8e96d3367e5ead5f7de2c743133db0e69e6f3721d4a99c9ebafda36
  SHA512: 83d6cd60373366d501130b0c23db0c74fde4f7151d8a89a9e2987321f784b72c71517c1aaa24f7a8cf11cd9a3e8028b7771d27795b1f7f80778ecb66316b8678
Malware Config

  Extracted
    Family: dridex
    Botnet: 10444
    C2:
      162.241.44.26:9443
      192.232.229.53:4443
      77.220.64.34:443
      193.90.12.121:3098
    rc4.plain
    rc4.plain
Signatures

  Processes:
    resource                                                                     yara_rule
    behavioral2/memory/1168-1-0x00000000044D0000-0x000000000450D000-memory.dmp   dridex_ldr

  Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                         pid   process        target process
    PID 656 wrote to memory of 1168     656   rundll32.exe   rundll32.exe
    PID 656 wrote to memory of 1168     656   rundll32.exe   rundll32.exe
    PID 656 wrote to memory of 1168     656   rundll32.exe   rundll32.exe