General
Static task: static1
URLScan task: urlscan1
Sample: http://zero.testtrack.xyz/
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
  51.68.224.245:4646
  188.165.17.91:8443
  173.255.246.77:691
rc4.plain
rc4.plain
Targets
Target: http://zero.testtrack.xyz/
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Program crash
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.