Analysis
max time kernel: 9s
max time network: 99s
platform: windows10_x64
resource: win10v20201028
submitted: 19-11-2020 15:05

Static task: static1
Behavioral task: behavioral1
Sample: dridex.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
General
Target: dridex.dll
Size: 539KB
MD5: 61954aadde68824dc4a7f709ef14c4d5
SHA1: 9563a7393c02f5541c7b37af31304037a2c1fcb8
SHA256: 2aed6c38a383b9c88add24ea8479d4ecabba5c7329046e2893ddb73947691174
SHA512: 5d62cb2fa628c2f3ace929912aeb24e3260c5708bbbf79b5e3ba2df727a99283b440d90c15d80952cecd17bfc605a86c8c4dc3bb2fd4d0b248609472a40e1ce9
Malware Config
Extracted
Family: dridex
Botnet: 10555
C2:
  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098
rc4.plain
rc4.plain
Signatures

YARA rule match
resource: behavioral2/memory/1512-1-0x0000000004E00000-0x0000000004E3D000-memory.dmp
yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                          pid   process       target process
PID 1304 wrote to memory of 1512     1304  rundll32.exe  rundll32.exe
PID 1304 wrote to memory of 1512     1304  rundll32.exe  rundll32.exe
PID 1304 wrote to memory of 1512     1304  rundll32.exe  rundll32.exe