Analysis
max time kernel: 128s
max time network: 130s
platform: windows7_x64
resource: win7v20201028
submitted: 05-01-2021 04:03
Behavioral task: behavioral1
Sample: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
Target: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
Size: 1.6MB
MD5: 509000b87e20c31a8975a035ba8af42c
SHA1: a1a07f9d5801b73214ce5d3675faaeb1e4a70c02
SHA256: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9
SHA512: 46b7b04d810fe52e31bd20e7457bd232a69ce9754ea9aebc89dcab4577d2c6186f1edebd84434e9d25c933d6b3e1ebed67e3503f157575996f4acda288a56493
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
  81.169.224.222:3389
  62.75.168.106:3886
  82.165.152.127:3389
rc4.plain
Signatures
Processes:
  resource: behavioral1/memory/1824-2-0x0000000000400000-0x000000000043D000-memory.dmp
  yara_rule: dridex_ldr
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe