Overview

overview

10

Static

static

SecuriteIn...11.dll

windows7_x64

10

SecuriteIn...11.dll

windows10_x64

10

Analysis

  • max time kernel
    49s
  • max time network
    114s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    21-01-2021 14:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Generic.mg.6d5e0ebf3d8c6d2b.30211.dll

  • Size

    836KB

  • MD5

    6d5e0ebf3d8c6d2b88adc17304da36fd

  • SHA1

    d461df26f4017d4cbeecd2c47c3392dd7e442b76

  • SHA256

    c2a8f4fcab529f809b7bf59726a480f70d0e3304f1a9947049fdf2b1567a0c47

  • SHA512

    55ee969fa44aed795acac9073777b0568d944f352340923aad2a027cae2b2d11f0d1a371e3647fd4757ac5723664cb5c880a4b9625b629d49e05c1f5ef1f5225

Score
10/10
dridex10444botnetloader

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 3 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.6d5e0ebf3d8c6d2b.30211.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:984
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.6d5e0ebf3d8c6d2b.30211.dll
      2⤵
        PID:3972

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3972-2-0x0000000000000000-mapping.dmp
      Download
    • memory/3972-3-0x0000000073B30000-0x0000000073B6D000-memory.dmp
      Filesize

      244KB

      Download
    • memory/3972-4-0x0000000073B30000-0x0000000073B6D000-memory.dmp
      Filesize

      244KB

      Download
    • memory/3972-5-0x0000000002F60000-0x0000000002F61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3972-6-0x0000000073B30000-0x0000000073B6D000-memory.dmp
      Filesize

      244KB

      Download