Analysis
-
max time kernel
9s -
max time network
102s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
19-11-2020 13:04
Static task
static1
Behavioral task
behavioral1
Sample
qz0h69pdf.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
qz0h69pdf.dll
-
Size
539KB
-
MD5
ba7ddbd663a50b149b22d810f4211207
-
SHA1
06faf7fce11b89e4119c70c5a8cb56d97ab68bab
-
SHA256
eb1a0c3677f4b416e43e2c4d88a30d1f5bd4d9b00b1e0c48efef31b034465e3c
-
SHA512
cc26dd7686669b6af424cf6da3114e2fa2d5131a165f3711893ff4a9952c66918f080bf7593cf9010a8d63cfda2f447cb30fea321838cbf95c6415615307b403
Malware Config
Extracted
Family
dridex
Botnet
10555
C2
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
rc4.plain
rc4.plain
Signatures
-
Processes:
resource yara_rule behavioral2/memory/4832-1-0x0000000004020000-0x000000000405D000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4752 wrote to memory of 4832 4752 rundll32.exe rundll32.exe PID 4752 wrote to memory of 4832 4752 rundll32.exe rundll32.exe PID 4752 wrote to memory of 4832 4752 rundll32.exe rundll32.exe