Unrthppaf.bin
General
Target: Unrthppaf.bin.dll
Filesize: 426KB
Completed: 26-11-2020 07:51
Score: 10/10
MD5: 2b47214db606e21fb5d58cc7c3a27242
SHA1: 8b71bd0a2618d26a16a85245e7a92aef6d3da967
SHA256: b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
Malware Config
Extracted
Family | dridex
Botnet | 10555
C2 | 194.225.58.216:443, 178.254.40.132:691, 216.172.165.70:3889, 198.57.200.100:3786
rc4.plain |
rc4.plain |
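The extracted config above is the most directly actionable part of the report: four C2 endpoints tied to botnet ID 10555. The following is an added example (not part of the sandbox report or of any Dridex tooling) that parses the flattened "key | value |" rows as they appear on this page, validates each C2 entry as a real IP and port, and turns them into Suricata alert rules plus a lookup usable against flow logs. The config text is constructed from the rows above; the SID base and the rule message format are assumptions.

```python
import ipaddress
import re

# Constructed from the Malware Config rows of this report; the sandbox emitted the
# table flattened as "key | value |" lines, which is the shape parsed below.
EXTRACTED_CONFIG = """\
Family | dridex |
Botnet | 10555 |
C2 | 194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786 |
"""

C2_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def parse_config(text):
    """Return a dict of the extracted fields; the C2 field becomes a list of (ip, port)."""
    cfg = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or not cells[0]:
            continue
        key, value = cells[0], cells[1]
        if key != "C2":
            cfg[key] = value
            continue
        endpoints = []
        for ip, port in C2_RE.findall(value):
            ipaddress.ip_address(ip)          # raises ValueError on an octet > 255
            port = int(port)
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range in C2 entry {ip}:{port}")
            endpoints.append((ip, port))
        cfg[key] = endpoints
    return cfg


def suricata_rules(cfg, sid_base=9000000):
    """One alert per C2 endpoint (sid_base is an assumed local SID range).

    The endpoints are bare ip:port pairs, three of them on non-standard ports, so the
    rules key on destination ip:port rather than on payload content."""
    family, botnet = cfg["Family"], cfg["Botnet"]
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"{family} botnet {botnet} C2 {ip}:{port}"; flow:to_server; '
        f'sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(cfg["C2"])
    ]


def matches_c2(cfg, dst_ip, dst_port):
    """True if a (destination ip, port) pair from a flow log is one of the extracted C2s."""
    return (dst_ip, int(dst_port)) in set(cfg["C2"])


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print(f'{cfg["Family"]} botnet {cfg["Botnet"]}: {len(cfg["C2"])} C2 endpoints')
    for rule in suricata_rules(cfg):
        print(rule)
```

The validation step matters when configs are scraped from reports in bulk: a mangled octet or a port string that survived extraction with trailing characters should fail loudly rather than silently produce a rule that never fires. The two rc4.plain rows are left out because the page carries no key material for them.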
Signatures 3
- Dridex
  Description: Dridex (also known as Bugat/Cridex) is malware that specializes in stealing banking credentials.
- Dridex Loader
  Description: Detects the Dridex loader, both x86 and x64, in memory.
  Reported IOCs:
  resource | yara_rule
  behavioral2/memory/1004-1-0x0000000002F40000-0x0000000002F7D000-memory.dmp | dridex_ldr
- Suspicious use of WriteProcessMemory (rundll32.exe)
  Reported IOCs:
  description | pid | process | target process
  PID 492 wrote to memory of 1004 | 492 | rundll32.exe | rundll32.exe
  PID 492 wrote to memory of 1004 | 492 | rundll32.exe | rundll32.exe
  PID 492 wrote to memory of 1004 | 492 | rundll32.exe | rundll32.exe
Processes 2
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Unrthppaf.bin.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Unrthppaf.bin.dll,#1
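Two details in the process tree and the WriteProcessMemory signature deserve a closer look before they are treated as detection logic. The DLL is invoked as `,#1`, i.e. by export ordinal rather than by name, which is common for loaders that do not want a descriptive export name in the command line. And the writes go from the 64-bit rundll32.exe in system32 (PID 492) to the 32-bit copy in SysWOW64 (PID 1004): on 64-bit Windows the system32 rundll32 hands a 32-bit DLL off to the SysWOW64 rundll32, and the parent writes the child's startup data during process creation, so a system32 to SysWOW64 rundll32 pair with memory writes is expected for any 32-bit DLL and is weak evidence on its own. What makes this sample's chain conclusive is the dridex_ldr YARA hit inside PID 1004's memory region 0x02F40000-0x02F7D000. The block below is an added example (not code from the sandbox or from the report) that encodes exactly that reasoning: it parses the rundll32 command line, flags rundll32-to-rundll32 writes with a cross-bitness marker that signals "needs corroboration", and decodes the dumped memory region's size from the resource name. The process and write events are constructed from this report; PID 2000 (explorer.exe) and its write are a made-up benign control.

```python
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid image cmdline")
MemWrite = namedtuple("MemWrite", "src_pid dst_pid")

# Constructed from the Processes and "Suspicious use of WriteProcessMemory" sections of
# this report, plus one made-up benign process (PID 2000) as a control.
PROCS = {
    492: Proc(492, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Unrthppaf.bin.dll,#1"),
    1004: Proc(1004, r"C:\Windows\SysWOW64\rundll32.exe",
               r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Unrthppaf.bin.dll,#1"),
    2000: Proc(2000, r"C:\Windows\explorer.exe", "explorer.exe"),
}
# The sandbox reports the same 492 -> 1004 write three times; 2000 -> 492 is the control.
WRITES = [MemWrite(492, 1004), MemWrite(492, 1004), MemWrite(492, 1004), MemWrite(2000, 492)]

RUNDLL32_CMD_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+?),(?P<export>#?\w+)\s*$", re.I)
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.I)


def rundll32_target(cmdline):
    """Split 'rundll32.exe <dll>,<export>' into (dll path, export name or '#ordinal')."""
    m = RUNDLL32_CMD_RE.search(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def is_rundll32(image):
    return image.lower().rsplit("\\", 1)[-1] == "rundll32.exe"


def is_wow64(image):
    return "\\syswow64\\" in image.lower()


def find_rundll32_self_injection(procs, writes):
    """Flag cross-process writes where both source and target are rundll32.exe.

    cross_bitness=True marks the system32 -> SysWOW64 relaunch case, which is normal for
    a 32-bit DLL and needs corroboration (here: the dridex_ldr YARA hit in PID 1004).
    """
    hits = []
    for w in sorted(set(writes)):               # collapse repeated identical events
        src, dst = procs[w.src_pid], procs[w.dst_pid]
        if not (is_rundll32(src.image) and is_rundll32(dst.image)):
            continue
        dll, export = rundll32_target(src.cmdline) or (None, None)
        hits.append({
            "src_pid": src.pid,
            "dst_pid": dst.pid,
            "cross_bitness": is_wow64(src.image) != is_wow64(dst.image),
            "dll": dll,
            "ordinal_export": export is not None and export.startswith("#"),
        })
    return hits


def dump_region(resource):
    """Decode the report's dump name 'memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp'."""
    m = DUMP_RE.search(resource)
    if not m:
        return None
    pid, _, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    return {"pid": int(pid), "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    for hit in find_rundll32_self_injection(PROCS, WRITES):
        print(hit)
    print(dump_region("behavioral2/memory/1004-1-0x0000000002F40000-0x0000000002F7D000-memory.dmp"))
```

Run against the report's events this yields a single hit (492 to 1004, cross-bitness, ordinal export) and a dumped region of 0x3D000 bytes in PID 1004; the control write from explorer.exe is correctly ignored. In a real pipeline the hit would be joined with the YARA result for that PID before it is allowed to page anyone.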
Network
MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed under any column on the page)
Downloads
- memory/1004-0-0x0000000000000000-mapping.dmp
- memory/1004-1-0x0000000002F40000-0x0000000002F7D000-memory.dmp