Analysis
max time kernel: 41s
max time network: 110s
platform: windows10_x64
resource: win10v20201028
submitted: 13-01-2021 19:09

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: mfyxb.dll
  Resource: win7v20201028 (windows7_x64)
  Result: 0 signatures, 0 seconds
General
Target: mfyxb.dll
Size: 236KB
MD5: 8e821425efac1d3f2f905f4bfa76424f
SHA1: 50c773785cb17532f3d4d04d6b0efc43fc22c3ee
SHA256: fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1
SHA512: a3052984d3b029f461048f132e7d9c00e30a7d892e82ae8bc6e191c4047bf3d80e678f8892ba5be0a51b902a1deddf5773218c8a38d66295b585cf476f48f03c
Malware Config
Extracted
Family: dridex
Botnet: 111
C2:
  52.73.70.149:443
  8.4.9.152:3786
  185.246.87.202:3098
  50.116.111.64:5353
rc4.plain: (value not shown on this page)
rc4.plain: (value not shown on this page)
Signatures
(The memory dump path below starts with behavioral2 and the analysis header reports windows10_x64 / win10v20201028; the behavioral1 Windows 7 task listed above produced 0 signatures, so the hits below come from the Windows 10 run.)

YARA rule match in process memory
Processes:
resource | yara_rule
behavioral2/memory/900-3-0x0000000074220000-0x000000007423F000-memory.dmp | dridex_ldr

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 640 wrote to memory of 900 | 640 | rundll32.exe | rundll32.exe
PID 640 wrote to memory of 900 | 640 | rundll32.exe | rundll32.exe
PID 640 wrote to memory of 900 | 640 | rundll32.exe | rundll32.exe

Reading the two together: the rundll32.exe instance with PID 640 made three WriteProcessMemory calls into a second rundll32.exe instance (PID 900), and the dridex_ldr YARA rule then matched in a dump of PID 900's memory covering 0x74220000 to 0x7423F000. That is the region to carve for the unpacked loader when triaging this sample.
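The correlation described above can be automated. The following is an added example, not tria.ge or Hatching code: it runs the "cross-process WriteProcessMemory" check over a constructed event list (the three IoCs from this report plus two made-up negatives), decodes the dump file name into pid and address range (the <pid>-<n>-0x<start>-0x<end>-memory.dmp layout is taken from the one name on this page and assumed to be consistent), and ties each YARA hit back to the process that wrote into the dumped process.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One monitored API call: calling pid/image and target pid/image."""
    api: str
    pid: int
    image: str
    target_pid: int
    target_image: str


# Constructed event stream. The first three rows mirror the report's three
# WriteProcessMemory IoCs (PID 640 -> PID 900, rundll32.exe -> rundll32.exe);
# the last two are made-up negatives: a self-write and a read.
SAMPLE_EVENTS = [
    ProcEvent("WriteProcessMemory", 640, "rundll32.exe", 900, "rundll32.exe"),
    ProcEvent("WriteProcessMemory", 640, "rundll32.exe", 900, "rundll32.exe"),
    ProcEvent("WriteProcessMemory", 640, "rundll32.exe", 900, "rundll32.exe"),
    ProcEvent("WriteProcessMemory", 1408, "explorer.exe", 1408, "explorer.exe"),
    ProcEvent("ReadProcessMemory", 640, "rundll32.exe", 900, "rundll32.exe"),
]

# YARA hit from the report's signature table (path and rule name as shown).
YARA_HITS = [
    ("behavioral2/memory/900-3-0x0000000074220000-0x000000007423F000-memory.dmp",
     "dridex_ldr"),
]

# Assumed dump-name layout: <pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)"
    r"-memory\.dmp$")


def cross_process_writes(events):
    """WriteProcessMemory calls whose target is a different process.
    This is the condition behind the 'Suspicious use of WriteProcessMemory'
    IoCs; a process writing its own memory via the API is not counted."""
    return [e for e in events
            if e.api == "WriteProcessMemory" and e.pid != e.target_pid]


def parse_dump_name(path):
    """Decode a memory dump file name into pid, start, end and size."""
    m = DUMP_NAME.search(path)
    if m is None:
        raise ValueError(f"unrecognised dump name: {path}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def correlate(events, yara_hits):
    """For each YARA hit on a dumped process, list the pids that wrote into
    that process. Returns [(rule, victim_pid, sorted injector pids), ...]."""
    writers = {}
    for e in cross_process_writes(events):
        writers.setdefault(e.target_pid, set()).add(e.pid)
    result = []
    for path, rule in yara_hits:
        victim = parse_dump_name(path)["pid"]
        result.append((rule, victim, sorted(writers.get(victim, ()))))
    return result


if __name__ == "__main__":
    print(len(cross_process_writes(SAMPLE_EVENTS)), "cross-process writes")
    for path, _ in YARA_HITS:
        d = parse_dump_name(path)
        print(f"pid {d['pid']} region 0x{d['start']:X}-0x{d['end']:X} "
              f"({d['size']} bytes)")
    for rule, victim, injectors in correlate(SAMPLE_EVENTS, YARA_HITS):
        print(f"{rule} matched in pid {victim}; written to by {injectors}")
```

On the constructed input this yields three cross-process writes (the self-write and the read are ignored), a 0x1F000-byte region in PID 900, and the link dridex_ldr -> PID 900 <- PID 640. Feeding it a real sandbox API log only requires mapping that log's fields onto ProcEvent.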