Resubmissions
23-11-2020 08:20  201123-8781tq461a  10  Analysis

max time kernel: 12s
max time network: 113s
platform: windows10_x64
resource: win10v20201028
submitted: 23-11-2020 08:20

Static task: static1
Behavioral task: behavioral1
Sample: ojh69yt.zip.dll
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
Target: ojh69yt.zip.dll
Size: 539KB
MD5: 3dd08a111c25ec4fd73599b389f628b0
SHA1: 3e5b5c0f3437af1c5c559d94da64d6e0d36dc56f
SHA256: aa1b00f53b9ee1ee1edeaeab7b7d272d1c8e84cd3140b32e9a15a89f90a7166a
SHA512: a4e01216ff2a304141c690cecebecdd2f20032ccda8f78e26aef392194a7fd1790754c9f1f38e61738d48b6f1c0468c5372cfa44161d4b959608e7c95a58d862
Malware Config
Extracted
Family: dridex
Botnet: 10444
C2:
  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098
rc4.plain
rc4.plain
Signatures

Processes:
  resource                                                                  yara_rule
  behavioral2/memory/744-1-0x0000000000650000-0x000000000068D000-memory.dmp  dridex_ldr

Suspicious use of WriteProcessMemory  3 IoCs
Processes:
  rundll32.exe
  description                      pid   process       target process
  PID 4032 wrote to memory of 744  4032  rundll32.exe  rundll32.exe
  PID 4032 wrote to memory of 744  4032  rundll32.exe  rundll32.exe
  PID 4032 wrote to memory of 744  4032  rundll32.exe  rundll32.exe