General
Static task: static1
URLScan task: urlscan1
Sample: http://zeroexit.xyz/9HJDckdsvfsdefvs34
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
97.107.127.227:443
87.106.18.216:5037
185.184.25.235:5037
rc4.plain: (key value not shown on this page)
rc4.plain: (key value not shown on this page)
Targets
Target: http://zeroexit.xyz/9HJDckdsvfsdefvs34
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but the signature is generic; drive enumeration on its own is not evidence of ransomware, and Dridex is primarily a banking trojan and loader.
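The signatures above are sandbox observations; a practitioner usually wants to turn them into host-side detection. The following is an added example, not part of the sandbox report or of any Triage/Dridex tooling: it correlates constructed EDR-style events (field names borrowed from Sysmon, but hand-written here; Sysmon itself does not log registry reads, so the "RegistryQuery" event type is an assumption about the telemetry source) against three behaviours the report lists, executing from a drop directory, enumerating the Uninstall key, and connecting to one of the extracted C2 endpoints. The drop-directory list is an assumption to tune per estate; the C2 addresses and ports come from the report's config.

```python
"""Correlate endpoint telemetry against the behaviours this report lists.

Added example, not part of the sandbox report. SAMPLE_EVENTS is constructed
telemetry: EventType is a hypothetical EDR field (ProcessCreate,
RegistryQuery, NetworkConnect); the other field names follow Sysmon.
"""
from collections import defaultdict

# Registry path the "Checks installed software" signature keys on.
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall\\"
# Common payload drop locations (assumption; tune per estate).
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
# C2 endpoints from the report's extracted Dridex config (botnet 10111).
C2 = {("97.107.127.227", 443), ("87.106.18.216", 5037), ("185.184.25.235", 5037)}


def classify(event):
    """Return a behaviour tag for one event, or None if it matches nothing."""
    kind = event["EventType"]
    if kind == "ProcessCreate":
        if any(d in event["Image"].lower() for d in DROP_DIRS):
            return "executes_dropped_exe"
    elif kind == "RegistryQuery":
        if UNINSTALL_KEY in event["TargetObject"].lower():
            return "enumerates_installed_software"
    elif kind == "NetworkConnect":
        # Match on address AND port: 443 alone is far too noisy to block on.
        if (event["DestinationIp"], int(event["DestinationPort"])) in C2:
            return "connects_to_known_c2"
    return None


def correlate(events, min_tags=2):
    """Group tags by ProcessGuid; report processes hitting >= min_tags behaviours.

    One tag is weak evidence on its own (explorer.exe legitimately reads the
    Uninstall key; a shared hosting address may be reused), so a hit needs
    at least two independent behaviours from the same process.
    """
    tags, images = defaultdict(set), {}
    for ev in events:
        tag = classify(ev)
        if tag:
            tags[ev["ProcessGuid"]].add(tag)
            images[ev["ProcessGuid"]] = ev["Image"]
    return {g: (images[g], sorted(t)) for g, t in tags.items() if len(t) >= min_tags}


# Constructed sample telemetry: process {A} is benign, {B} matches the report.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "ProcessGuid": "{A}",
     "Image": r"C:\Windows\explorer.exe"},
    {"EventType": "RegistryQuery", "ProcessGuid": "{A}",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"EventType": "ProcessCreate", "ProcessGuid": "{B}",
     "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe"},
    {"EventType": "RegistryQuery", "ProcessGuid": "{B}",
     "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion"},
    {"EventType": "NetworkConnect", "ProcessGuid": "{B}",
     "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "DestinationIp": "185.184.25.235", "DestinationPort": "5037"},
]

if __name__ == "__main__":
    for guid, (image, hits) in correlate(SAMPLE_EVENTS).items():
        print(f"{guid} {image}: {', '.join(hits)}")
```

With the constructed input only process {B} is reported, carrying all three tags; explorer.exe's single Uninstall-key read stays below the two-behaviour threshold, which is the point of correlating per process rather than alerting on each signature in isolation.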