ucjk7st

General
Target

ucjk7st.dll

Filesize

426KB

Completed

26-11-2020 12:07

Score
10 /10
MD5

455e8c40a659762249a13b5ef6cfb2cb

SHA1

818423b1fc4f4149e2bda0feb359c1605de1eb6c

SHA256

8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33

Malware Config

Extracted

Family dridex
Botnet 10555
C2

194.225.58.216:443

178.254.40.132:691

216.172.165.70:3889

198.57.200.100:3786

rc4.plain
rc4.plain
Signatures 3

Filter: none

  • Dridex

    Description

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader

    Description

    Detects Dridex both x86 and x64 loader in memory.

    Reported IOCs

    resourceyara_rule
    behavioral2/memory/408-1-0x0000000004E50000-0x0000000004E8D000-memory.dmpdridex_ldr
  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    descriptionpidprocesstarget process
    PID 640 wrote to memory of 408640rundll32.exerundll32.exe
    PID 640 wrote to memory of 408640rundll32.exerundll32.exe
    PID 640 wrote to memory of 408640rundll32.exerundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ucjk7st.dll,#1
    Suspicious use of WriteProcessMemory
    PID:640
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ucjk7st.dll,#1
      PID:408
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads
                          • memory/408-0-0x0000000000000000-mapping.dmp

                          • memory/408-1-0x0000000004E50000-0x0000000004E8D000-memory.dmp