Analysis

Max time kernel: 496s
Max time network: 498s
Platform: windows7_x64
Resource: win7v20201028
Submitted: 26-11-2020 08:55
Static task: static1
General

Target: nsetldk.dll
Size: 630KB
MD5: 3ce5469a7a34b52cc10fd3f17c29b3a5
SHA1: d6b121e7a8ed0e94c2e89e33ea6828290f858e90
SHA256: 9f38af84820dc29e805029409bbb2a5765036775973e3898b6db1f66c1b47270
SHA512: 6e9746d0377d6a5d09ee0d8cc7cb8660443420868e6be21cb587293b4869fc45793a55a9c6d44b46fce7dcbb722535954882dd6f4f126448b1f03e56fb916bb2
Malware Config (extracted)

Family: dridex
Botnet: 10555
C2:
  194.225.58.216:443
  178.254.40.132:691
  216.172.165.70:3889
  198.57.200.100:3786
rc4.plain
Signatures

Yara rule match

  resource                                                                      yara_rule
  behavioral1/memory/764-1-0x00000000746A0000-0x00000000746DD000-memory.dmp     dridex_ldr

Suspicious use of WriteProcessMemory (7 IoCs)

Processes:

  description                  pid   process       target process   PID
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764
  wrote to memory of 764       1432  regsvr32.exe  regsvr32.exe     764