General
Static task: static1
URLScan task: urlscan1
Sample: https://anklexit.online/twDGMjtfsacfa3e
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
188.165.17.91:8443
185.216.27.185:8172
182.254.209.230:6516
rc4.plain
rc4.plain
Targets
Target: https://anklexit.online/twDGMjtfsacfa3e
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Program crash
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.