Analysis
max time kernel: 10s
max time network: 68s
platform: windows10_x64
resource: win10v20201028
submitted: 20-11-2020 05:28
Behavioral task: behavioral1
Sample: Fhdtme10.bin.dll
Resource: win7v20201028
Platform: windows7_x64
0 signatures
0 seconds
General
Target: Fhdtme10.bin.dll
Size: 590KB
MD5: 429d63af6c900c0c2f7c2b82dec86a7e
SHA1: 6f3c788b9223c6d99d34235c86bcc00056a2c73f
SHA256: b6c782d71a48aaf6b23d0c9f2f6490c008d8f3f87d43b3c1a6f18343ddc63874
SHA512: 0f1cc54093f788e6549cc0149f2d0d3c52e82b76222a4563c995c3bc8c207f4a2583f585b4f0ae522c85a5994a9953238c094e589cfcab3f4688ac9dd244ff4c
Malware Config
Extracted
Family: dridex
Botnet: 10555
C2:
  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098
rc4.plain
rc4.plain
Signatures

Processes:
  resource: behavioral2/memory/1136-1-0x0000000004ED0000-0x0000000004F0D000-memory.dmp
  yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      pid  process       target process
  PID 828 wrote to memory of 1136  828  rundll32.exe  rundll32.exe
  PID 828 wrote to memory of 1136  828  rundll32.exe  rundll32.exe
  PID 828 wrote to memory of 1136  828  rundll32.exe  rundll32.exe