Resubmissions
- 25-06-2021 19:42  210625-wy94q2qayj  score 10
- 17-01-2021 18:05  210117-bpe9avge42  score 10
- 15-01-2021 04:37  210115-yvmrxampqn  score 10

Analysis
- Max time kernel: 8s
- Max time network: 65s
- Platform: windows7_x64
- Resource: win7v20201028
- Submitted: 17-01-2021 18:05
Behavioral task: behavioral1
- Sample: jv9qx.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: jv9qx.exe
- Size: 1.1MB
- MD5: cf9ed678f826ebfb8be9bd1b428bbd57
- SHA1: d52dc282c3fed1594b14d2a5cd79e3ca60ef3614
- SHA256: 0376f97c21d2f00bc9c0919ce108ef14a2b3b1b356b2caa502a6cae81c7798f2
- SHA512: 6005e8906f92e8d0f973fbae62bccd2ce1ebe0a7dccd74416591d0b7f7dd67954b8a19f7c6e1ab2f8e7e4feeb8ab17e585c998b7d8edc36c84142da01748f2d2
Malware Config (Extracted)
- Family: dridex
- Botnet: 10111
- C2:
  - 162.241.44.26:9443
  - 185.184.25.234:4664
  - 138.201.138.91:3389
- rc4.plain
Signatures

YARA matches (Processes)
  resource                                                                      yara_rule
  behavioral1/memory/1668-3-0x0000000000400000-0x000000000043D000-memory.dmp    dridex_ldr
  behavioral1/memory/1668-5-0x0000000000400000-0x000000000043D000-memory.dmp    dridex_ldr

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes (jv9qx.exe)
  description         ioc                                                                                       process
  Key value queried   \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    jv9qx.exe
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/1668-2-0x0000000074B31000-0x0000000074B33000-memory.dmp (Filesize: 8KB)
- memory/1668-3-0x0000000000400000-0x000000000043D000-memory.dmp (Filesize: 244KB)
- memory/1668-5-0x0000000000400000-0x000000000043D000-memory.dmp (Filesize: 244KB)
- memory/1668-4-0x0000000000220000-0x000000000025C000-memory.dmp (Filesize: 240KB)
- memory/1800-6-0x000007FEF7080000-0x000007FEF72FA000-memory.dmp (Filesize: 2.5MB)