Analysis

  • max time kernel
    32s
  • max time network
    66s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    15-03-2021 14:30

General

  • Target

    d85b5a035656cf873192520ac433602a41e87c1ef66470292979a8ad2b25ea9a.exe

  • Size

    1.4MB

  • MD5

    8f5b98bc67db654e9fbd12a76e42ab2f

  • SHA1

    9e50baf491d7eda341f5ff56e101ab3360427e93

  • SHA256

    d85b5a035656cf873192520ac433602a41e87c1ef66470292979a8ad2b25ea9a

  • SHA512

    dbb0fbea683d37eae6f6d3e5259c71a4eeb4a8881661c2e8c9beaf8eec1d21fb52442a3d930e129c943e4af80302c2f3c764f90cc65e4765e744290a80da2975

Malware Config

Extracted

  • Family
    dridex
  • Botnet
    10111
  • C2
    188.165.17.91:8443
    210.65.244.186:6601
  • rc4.plain

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 2 IoCs

    Detects both the x86 and x64 Dridex loader in memory.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d85b5a035656cf873192520ac433602a41e87c1ef66470292979a8ad2b25ea9a.exe
    "C:\Users\Admin\AppData\Local\Temp\d85b5a035656cf873192520ac433602a41e87c1ef66470292979a8ad2b25ea9a.exe"
    1⤵
    • Checks whether UAC is enabled
    PID:1812

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery
    • Query Registry
      1
      T1012
    • System Information Discovery
      1
      T1082

Downloads

  • memory/1708-6-0x000007FEF7540000-0x000007FEF77BA000-memory.dmp
    Filesize

    2.5MB

  • memory/1812-2-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB

  • memory/1812-3-0x0000000075781000-0x0000000075783000-memory.dmp
    Filesize

    8KB

  • memory/1812-4-0x00000000002B0000-0x00000000002EC000-memory.dmp
    Filesize

    240KB

  • memory/1812-5-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB