Analysis
-
max time kernel
118s -
max time network
117s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
08-12-2020 10:19
General
-
Target
igjkrk3rar.dll
-
Size
412KB
-
MD5
a413b165cbd657e4126a58bd6b682679
-
SHA1
5a368528e181e52f431eb185d36522e9f6bb4d98
-
SHA256
62cfd2cdd48db44396cccb21e1001ce58edfccbb0a9a8cc6730fa5f50ad20f4d
-
SHA512
f2c235d60c2367a8b3470e034741b20f36bab233bfd2994408a84ca5f79478d32bbb6277158477035eb93127839a4985f92783e161923f44ff8f7efe03f91c79
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10555
C2
104.131.164.93:443
46.101.90.205:4643
27.254.174.84:4443
92.94.251.127:3786
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Blocklisted process makes network request 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\igjkrk3rar.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\igjkrk3rar.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1528-2-0x0000000000000000-mapping.dmp
-
memory/1528-3-0x0000000000760000-0x000000000079D000-memory.dmpFilesize
244KB
-
memory/1728-4-0x000007FEF77C0000-0x000007FEF7A3A000-memory.dmpFilesize
2.5MB