Analysis
max time kernel:   84s
max time network:  118s
platform:          windows10_x64
resource:          win10v20201028
submitted:         12-01-2021 15:29
Static task:       static1
Behavioral task:   behavioral1
  Sample:          l0sjk3o.dll
  Resource:        win7v20201028 (windows7_x64)
  0 signatures, 0 seconds
General
Target:  l0sjk3o.dll
Size:    329KB
MD5:     68183c1d9929e5502729e95454eca8e0
SHA1:    cfd4c7413fa9216afef60201895c3a620ea6801c
SHA256:  9e39f4494952dfedc6608ebad6c832474045bfaba3ccbb69f8194a2681311eac
SHA512:  98fa8564b0da7d8286819e1bf174ec84b4dc922f327e1397db8b08d5ab61637da39a79d0bf66f793e1381ca83de896c130bc03a45181bc4af237a5295ca738e7
Malware Config
Extracted
Family:  dridex
Botnet:  10555
C2:
  77.220.64.37:443
  80.86.91.27:3308
  5.100.228.233:3389
  46.105.131.65:1512
rc4.plain
rc4.plain
Signatures

Processes:
resource                                                                        yara_rule
behavioral2/memory/1484-3-0x0000000000400000-0x000000000043D000-memory.dmp      dridex_ldr

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: regsvr32.exe
description                            pid   process       target process
PID 576 wrote to memory of 1484        576   regsvr32.exe  regsvr32.exe
PID 576 wrote to memory of 1484        576   regsvr32.exe  regsvr32.exe
PID 576 wrote to memory of 1484        576   regsvr32.exe  regsvr32.exe