Analysis

max time kernel: 120s
max time network: 119s
platform: windows7_x64
resource: win7v20201028
submitted: 25-01-2021 23:04

Behavioral task: behavioral1
Sample: gfia6.bin.exe
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  97.107.127.227:443
  87.106.18.216:5037
  185.184.25.235:5037
rc4.plain
rc4.plain
Signatures

yara_rule matches:
  resource                                                                    yara_rule
  behavioral1/memory/1732-3-0x0000000000400000-0x000000000043D000-memory.dmp  dridex_ldr
  behavioral1/memory/1732-5-0x0000000000400000-0x000000000043D000-memory.dmp  dridex_ldr

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
  description         ioc                                                                                    process
  Key value queried   \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  gfia6.bin.exe
Downloads

  memory/1732-2-0x0000000075AE1000-0x0000000075AE3000-memory.dmp  Filesize: 8KB
  memory/1732-3-0x0000000000400000-0x000000000043D000-memory.dmp  Filesize: 244KB
  memory/1732-4-0x0000000000220000-0x000000000025C000-memory.dmp  Filesize: 240KB
  memory/1732-5-0x0000000000400000-0x000000000043D000-memory.dmp  Filesize: 244KB
  memory/1784-6-0x000007FEF6400000-0x000007FEF667A000-memory.dmp  Filesize: 2.5MB