Analysis
-
max time kernel
50s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
20-01-2021 07:30
General
-
Target
6caba7e0bee7373c2c620f1e12b85896.dll
-
Size
236KB
-
MD5
6caba7e0bee7373c2c620f1e12b85896
-
SHA1
b6a881f9f02ed06a24fd3e32b77a9ac84d08131c
-
SHA256
c8a21f3ba32b9e1557b9146648a3ce2dc39a53e6fc07d58b736b385d9b0b777a
-
SHA512
e9463b48754c92264dc2b24c89ee63da4d853118e646883c7f9906ca2e2485654b419822bc4912becc9d60557c9cef1d79767b503aec15edc7d7f3696da865c1
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
111
C2
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 2 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6caba7e0bee7373c2c620f1e12b85896.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6caba7e0bee7373c2c620f1e12b85896.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1008-2-0x0000000000000000-mapping.dmp
-
memory/1008-3-0x00000000743E0000-0x000000007441D000-memory.dmpFilesize
244KB
-
memory/1008-4-0x0000000002BF0000-0x0000000002BF6000-memory.dmpFilesize
24KB
-
memory/1008-5-0x00000000743E0000-0x00000000743FF000-memory.dmpFilesize
124KB