ucjk7st

General

| Target | Filesize | Completed | Score |
| ucjk7st.dll | 426KB | 26-11-2020 12:07 | 10/10 |

| Hash | Value |
| MD5 | 455e8c40a659762249a13b5ef6cfb2cb |
| SHA1 | 818423b1fc4f4149e2bda0feb359c1605de1eb6c |
| SHA256 | 8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33 |
Malware Config

Extracted

| Family | dridex |
| Botnet | 10555 |
| C2 | 194.225.58.216:443, 178.254.40.132:691, 216.172.165.70:3889, 198.57.200.100:3786 |
| rc4.plain | |
| rc4.plain | |
Signatures (3)

- Dridex
  Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  Tags: (none)

- Dridex Loader
  Description: Detects both the x86 and x64 Dridex loader in memory.
  Tags: (none)
  Reported IOCs:
  | resource | yara_rule |
  | behavioral2/memory/408-1-0x0000000004E50000-0x0000000004E8D000-memory.dmp | dridex_ldr |

- Suspicious use of WriteProcessMemory (rundll32.exe)
  Reported IOCs:
  | description | pid | process | target process |
  | PID 640 wrote to memory of 408 | 640 | rundll32.exe | rundll32.exe |
  | PID 640 wrote to memory of 408 | 640 | rundll32.exe | rundll32.exe |
  | PID 640 wrote to memory of 408 | 640 | rundll32.exe | rundll32.exe |
Processes (2)

- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ucjk7st.dll,#1
  Signatures: Suspicious use of WriteProcessMemory

- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ucjk7st.dll,#1
Network

MITRE ATT&CK Matrix

| Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation |
Downloads

- memory/408-0-0x0000000000000000-mapping.dmp
- memory/408-1-0x0000000004E50000-0x0000000004E8D000-memory.dmp