Analysis

max time kernel: 52s
max time network: 115s
platform: windows10_x64
resource: win10v20201028
submitted: 14-01-2021 09:56

Static task: static1
Behavioral task: behavioral1
Sample: Rvlx1evnUjlGIy.dll
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
General

Target: Rvlx1evnUjlGIy.dll
Size: 236KB
MD5: cd743ffac9e64c81fc1fc7bc8b5bd92e
SHA1: 6147955bf60f4ba501b820e972c0efb237df5ed0
SHA256: 65b77f03c8dcc095dc51d0bd3a273a94b0c616187440f2fcdd2c3e9da1f7e787
SHA512: 5a1830d816c2f73602fdc55371c14bb332a9ca753da9a17572dffb4f66c8f6832794c7394f9817a4983c7f73f0d94978ddf68a204393a2e289775ff3d007eb76
Malware Config

Extracted
Family: dridex
Botnet: 111
C2:
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
rc4.plain
rc4.plain
Signatures

Processes:
resource: behavioral2/memory/3300-3-0x0000000073E00000-0x0000000073E1F000-memory.dmp
yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid   process       target process
PID 4076 wrote to memory of 3300    4076  rundll32.exe  rundll32.exe
PID 4076 wrote to memory of 3300    4076  rundll32.exe  rundll32.exe
PID 4076 wrote to memory of 3300    4076  rundll32.exe  rundll32.exe