Analysis
-
max time kernel
132s -
max time network
134s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
30-01-2021 21:53
General
-
Target
1b870dab19a3650ab790037ae327b7cb.bin.dll
-
Size
371KB
-
MD5
1b870dab19a3650ab790037ae327b7cb
-
SHA1
3fd3d813417c0872d1a1374439351dd53500a024
-
SHA256
642ab82c74a436b00f64a17174e23f40a64b721b6128e80a70e3cbffc7d3424a
-
SHA512
707779597690d2178622be05956a2bf49456dd63f70cfba6e03971fdcb4179e754d3a1a725dd08768c8bd91333e1e3d113e791b726ed198b2c7b6175bd4f5087
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10555
C2
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 2 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\1b870dab19a3650ab790037ae327b7cb.bin.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\1b870dab19a3650ab790037ae327b7cb.bin.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1504-2-0x0000000000000000-mapping.dmp
-
memory/1504-3-0x0000000000400000-0x000000000043D000-memory.dmpFilesize
244KB
-
memory/1504-5-0x0000000000400000-0x0000000000475000-memory.dmpFilesize
468KB
-
memory/1504-4-0x0000000003200000-0x0000000003201000-memory.dmpFilesize
4KB