Analysis

max time kernel: 150s
max time network: 91s
platform: windows7_x64
resource: win7v20201028
submitted: 12-01-2021 22:27

Behavioral task: behavioral1
Sample: 0b9758948f5771d7e658b51c9090f40e.exe
Resource: win7v20201028 (windows7_x64)
General

Target: 0b9758948f5771d7e658b51c9090f40e.exe
Size: 1.0MB
MD5: 0b9758948f5771d7e658b51c9090f40e
SHA1: 138a154c0b34b81c676c77fc4dbd6d78a4cfa0f1
SHA256: 804847cda6696325cafcd7c711bd96050d5c82e607669319638b8e9d709d6395
SHA512: 3919249807858e33d69a926f4f6b51c73a21579aac2937eb639d5911176d69fe24a1041bb9496d0bdadd2f46b887223d27b015bfbf714ba51c3c390c7bd10355
Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  162.241.44.26:9443
  185.184.25.234:4664
  138.201.138.91:3389
rc4.plain
rc4.plain
(Two rc4.plain entries are listed; the key values themselves are not shown in this extract. None of the C2 ports is 443, and 3389 is the well-known RDP port, so pivot on the ip:port pairs rather than on port-based protocol labels.)
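The ip:port pairs above are the part of the config a SOC can act on immediately. The following is an added example, not code from the Triage report or from the Dridex sample: it copies BOTNET_ID and the three C2 endpoints from the extracted config, matches them against a constructed Zeek-style conn.log excerpt (the log lines are made up for illustration), and emits one Suricata/Snort-syntax rule per endpoint. The `ip_only` switch shows the trade-off between strict ip:port matching and address-only hunting.

```python
"""Match flow telemetry against the Dridex C2 list in the config above.

Added example; not part of the Triage report or the Dridex sample.
BOTNET_ID and C2_ENDPOINTS are copied from the extracted config; the
conn.log excerpt below is constructed for illustration.
"""
import ipaddress

BOTNET_ID = "10111"
C2_ENDPOINTS = [
    "162.241.44.26:9443",
    "185.184.25.234:4664",
    "138.201.138.91:3389",
]

# Constructed Zeek-style conn.log excerpt (tab-separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = (
    "1610490421.123\tCx1\t10.0.0.15\t49812\t162.241.44.26\t9443\ttcp\n"
    "1610490425.456\tCx2\t10.0.0.15\t49813\t93.184.216.34\t443\ttcp\n"
    "1610490430.789\tCx3\t10.0.0.22\t51000\t138.201.138.91\t3389\ttcp\n"
    "1610490440.000\tCx4\t10.0.0.22\t51001\t138.201.138.91\t443\ttcp\n"
)


def parse_c2(entries):
    """Turn 'ip:port' strings into a set of (ip, port), rejecting malformed input."""
    endpoints = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {entry!r}")
        ip = ipaddress.ip_address(host)  # ValueError on anything that is not an IP
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {entry!r}")
        endpoints.add((str(ip), port))
    return endpoints


def find_c2_connections(log_text, c2, ip_only=False):
    """Return (uid, src, dst, dport) for flows to a C2 endpoint.

    ip_only=True matches on destination address alone: it catches C2 on a
    port not in the config but is noisier on shared hosting ranges.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, src, _sport, dst, dport, _proto = line.split("\t")[:7]
        dport = int(dport)
        if (dst, dport) in c2 or (ip_only and dst in c2_ips):
            hits.append((uid, src, dst, dport))
    return hits


def suricata_rules(c2, base_sid=9000000):
    """One Suricata/Snort-syntax rule per C2 endpoint, SIDs assigned in sorted order."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet {BOTNET_ID} C2 {ip}:{port}"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(C2_ENDPOINTS)
    for hit in find_c2_connections(SAMPLE_CONN_LOG, c2):
        print("C2 flow:", hit)
    print("\n".join(suricata_rules(c2)))
```

With strict matching only the 9443 and 3389 flows are flagged; the constructed 443 flow to 138.201.138.91 is picked up only with `ip_only=True`. The SID base is an arbitrary local range; pick one that does not collide with your rule sets.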
Signatures

Processes:
  resource: behavioral1/memory/836-2-0x0000000000400000-0x000000000043D000-memory.dmp
  yara_rule: dridex_ldr
The dridex_ldr hit is in the memory dump of process 836 covering 0x00400000-0x0043D000, the conventional default image base of a 32-bit executable, so the loader was matched in the process's own image region rather than in a separately allocated one.

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
  process: 0b9758948f5771d7e658b51c9090f40e.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
The only registry IOC itemized here is EnableLUA (\REGISTRY\MACHINE is the native NT path for HKLM), the policy value that records whether UAC is enabled. It is not an Uninstall subkey, so the Uninstall lookups the signature describes are not listed in this extract, and the EnableLUA read is better described as a UAC status check.
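The sandbox reports registry activity as "operation path process" lines. The following is an added example, not code from the Triage report: it parses lines in that shape, normalizes the native hive prefix to HKLM/HKU, and tags the two behaviours the signatures above refer to (the EnableLUA UAC check and Uninstall-key enumeration). The first sample line is the report's own IOC; the Uninstall and ProductName lines are constructed to exercise the other paths. Note that "Key value queried" is a read, which Sysmon does not log (its registry events cover key create/delete, value set and rename), so reproducing this detection outside a sandbox needs registry SACL auditing or EDR telemetry.

```python
"""Tag sandbox-style registry telemetry for the behaviours flagged above.

Added example; not part of the Triage report. The first SAMPLE line is the
report's own IOC; the remaining lines are constructed for illustration.
"""
import re
from collections import defaultdict

# Native NT hive prefixes and their familiar abbreviations.
HIVE_MAP = {
    r"\REGISTRY\MACHINE": "HKLM",
    r"\REGISTRY\USER": "HKU",
}

# "<operation> <path> <process>"; the path may contain spaces ("Windows NT"),
# so it is matched non-greedily up to the trailing process name.
LINE_RE = re.compile(
    r"^(?P<op>Key (?:value (?:queried|set)|opened|created|deleted))\s+"
    r"(?P<path>\\REGISTRY\\.*?)\s+(?P<proc>\S+\.exe)$"
)

SAMPLE_REGISTRY_OPS = r"""
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 0b9758948f5771d7e658b51c9090f40e.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp 0b9758948f5771d7e658b51c9090f40e.exe
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName 0b9758948f5771d7e658b51c9090f40e.exe
"""


def normalize_path(path):
    """Replace the native hive prefix with HKLM/HKU; unknown prefixes pass through."""
    for prefix, short in HIVE_MAP.items():
        if path.upper().startswith(prefix.upper()):
            return short + path[len(prefix):]
    return path


def tag_path(path):
    """Map a normalized registry path to a behaviour tag, or None if uninteresting."""
    p = path.lower()
    if p.endswith(r"\policies\system\enablelua"):
        return "uac_status_check"          # EnableLUA=0 means UAC is switched off
    if r"\currentversion\uninstall" in p:
        return "installed_software_enum"   # what the Triage signature keys on
    return None


def classify_registry_ops(text):
    """Parse each line into {op, path, process, tag}; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = normalize_path(m["path"])
        events.append({"op": m["op"], "path": path,
                       "process": m["proc"], "tag": tag_path(path)})
    return events


def summarize(events):
    """Per-process set of behaviour tags, ignoring untagged operations."""
    summary = defaultdict(set)
    for ev in events:
        if ev["tag"]:
            summary[ev["process"]].add(ev["tag"])
    return dict(summary)


if __name__ == "__main__":
    evs = classify_registry_ops(SAMPLE_REGISTRY_OPS)
    for ev in evs:
        print(ev["tag"] or "-", ev["op"], ev["path"])
    print(summarize(evs))
```

The tags are deliberately narrow: a single EnableLUA read is common in legitimate installers too, so treat it as context for the Uninstall enumeration and the YARA hit rather than as a standalone alert.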