Analysis

max time kernel: 82s
max time network: 10s
platform: windows7_x64
resource: win7v20201028
submitted: 14-01-2021 09:55

Static task: static1
Behavioral task: behavioral1
Sample: GSB36ZV2sQVn.dll
Resource: win7v20201028
0 signatures
0 seconds
General

Target: GSB36ZV2sQVn.dll
Size: 236KB
MD5: 983c4f8c64cc3ffe72dfe6aefa921dee
SHA1: 8babeab5037f7e3e7db5934a62bbcec4cb8dfda2
SHA256: d1bbb5dee037f3f892b843bb16de30a63ada202842f7c7445bb3f62a14d1dd40
SHA512: 68b89efac7dd4807f0bf0711d8aaee8a308e018f374a3863bbfd1e61b73db7f3f034d5192441c41c0388f4d052bce31bb155875075f1102e4ef8af7a598b70c2
Malware Config

Extracted
Family: dridex
Botnet: 111
C2:
  52.73.70.149:443
  8.4.9.152:3786
  185.246.87.202:3098
  50.116.111.64:5353
rc4.plain
Signatures

Processes:
resource                                                                    yara_rule
behavioral1/memory/1916-3-0x0000000074A10000-0x0000000074A2F000-memory.dmp  dridex_ldr

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                      pid  process       target process
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe
PID 596 wrote to memory of 1916  596  rundll32.exe  rundll32.exe