General
Static task: static1
URLScan task: urlscan1
Sample: http://zeroexit.xyz/9HJDckdsvfsdefvs34
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
157.7.166.26:5353
162.144.127.197:3786
46.22.57.17:5037
rc4.plain
rc4.plain
Targets
Target: http://zeroexit.xyz/9HJDckdsvfsdefvs34
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Program crash
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.