Analysis
-
max time kernel
10s -
max time network
120s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
26-11-2020 07:49
Static task
static1
Behavioral task
behavioral1
Sample
Unrthppaf.bin.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
Unrthppaf.bin.dll
-
Size
426KB
-
MD5
2b47214db606e21fb5d58cc7c3a27242
-
SHA1
8b71bd0a2618d26a16a85245e7a92aef6d3da967
-
SHA256
b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
-
SHA512
908057911bc6458f608700814b65be5706825314181f54ca42bd3745dd856cdee85a7b39a5d6f7c57e3203951e4c86578ad4079bfd1d5189a876c714c984c8fe
Malware Config
Extracted
Family
dridex
Botnet
10555
C2
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
rc4.plain
rc4.plain
Signatures
-
Processes:
resource yara_rule behavioral2/memory/1004-1-0x0000000002F40000-0x0000000002F7D000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 492 wrote to memory of 1004 492 rundll32.exe rundll32.exe PID 492 wrote to memory of 1004 492 rundll32.exe rundll32.exe PID 492 wrote to memory of 1004 492 rundll32.exe rundll32.exe