Analysis
max time kernel: 39s
max time network: 106s
platform: windows10_x64
resource: win10v20201028
submitted: 14-01-2021 09:56

Static task: static1
Behavioral task: behavioral1
Sample: huR9GcNBnM6.dll
Resource: win7v20201028
0 signatures
0 seconds
General
Target: huR9GcNBnM6.dll
Size: 236KB
MD5: 09e6a4f78487634f1aaf4ffb5f1f9291
SHA1: 417d5c51bcdda9a2efc5e9336b00dc1f8e4d015a
SHA256: fe0c930569fcd78494353879f7c5aceaec69cf7ea44f184d4e7f3c9d7573ad1e
SHA512: 64d1f45520ca83f22fc18990e43260acb8a6a6fb4d9f8816126866ee42e8a633e647b50fba309b24c89d6654e4dc199d48cb15ab2ba0d493cf8ffdec4ab5a27a
Malware Config
Extracted
Family: dridex
Botnet: 111
C2:
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
rc4.plain
Signatures

Processes:
resource: behavioral2/memory/1596-3-0x00000000736F0000-0x000000007370F000-memory.dmp
yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description                        pid   process       target process
PID 1112 wrote to memory of 1596   1112  rundll32.exe  rundll32.exe
PID 1112 wrote to memory of 1596   1112  rundll32.exe  rundll32.exe
PID 1112 wrote to memory of 1596   1112  rundll32.exe  rundll32.exe