Analysis
max time kernel: 12s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 13-01-2021 11:17
Static task: static1
Behavioral task: behavioral1
Sample: ymuyks.rar.dll
Resource: win7v20201028
0 signatures
0 seconds
General
Target: ymuyks.rar.dll
Size: 311KB
MD5: 3932842c83bdae09d7beb3525d0bbd50
SHA1: 4820ed71a8f66aaa01ef08c742258389a6c4f895
SHA256: 57bfee1e4e0ab516bba59255c176e9d9f39de17458833b6c05f43b46c404175b
SHA512: 1d3c8214d65c0206dd8fe150ac237ebf81b74181eb35c47733f5b890fecf3dd9d353e97627eeaf8d5e7c567835d0cee3cb0277a346b1a52fecbd3661eb9758aa
Malware Config
Extracted
Family: dridex
Botnet: 10444
C2:
77.220.64.37:443
80.86.91.27:3308
5.100.228.233:3389
46.105.131.65:1512
rc4.plain
rc4.plain
Signatures
Processes:
resource | yara_rule
behavioral2/memory/1596-3-0x0000000002E40000-0x0000000002E7D000-memory.dmp | dridex_ldr

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description | pid | process | target process
PID 412 wrote to memory of 1596 | 412 | rundll32.exe | rundll32.exe
PID 412 wrote to memory of 1596 | 412 | rundll32.exe | rundll32.exe
PID 412 wrote to memory of 1596 | 412 | rundll32.exe | rundll32.exe