General
Target: setups.exe
Size: 2.0MB
Sample: 210410-f88s56xzq6
MD5: 2f6511abc3a54d2ecadc0970805a0ad6
SHA1: a2b304428f02d9f4b23c24cc7fe80f319a51f204
SHA256: be315dc46922d27c67a50ebadaa0d47425f89108c5657841aaee35ae5375ec7e
SHA512: 81165db7fd648f1944b3365722baff3884bebb8328c901a8e3e80c318ebba4c88c092df3982eaf013b3757047442a8fed93048222c5a757d45185bd93c835638
Static task: static1
Behavioral task: behavioral1 (Sample: setups.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: setups.exe, Resource: win10v20201028)
Malware Config
Extracted family: dridex
Botnet: 10111
C2:
- 131.100.24.231:443
- 188.165.17.91:8443
- 185.148.169.10:2303
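The extracted config above and the hashes in the General section only become useful once they are turned into indicators a sensor can act on. The following Python is an added example, not part of this report or of the sandbox's own tooling: it parses the flattened report text as it appears on this page, validates each C2 entry as a routable IPv4 endpoint (rejecting private, loopback or malformed entries rather than turning them into block rules), keeps the first copy of each repeated hash, and emits one Suricata alert rule per C2. The SID range starting at 9000001 and the classtype are assumptions; the rule syntax is standard Suricata.

```python
"""Turn the indicators in a flattened sandbox report into actionable IOCs.

Added example for this page, not code from the sandbox vendor or from any
Dridex tooling. REPORT is report text copied from the page; the Suricata
SID range and classtype are this example's own assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Flattened report lines as they appear on the page (constructed excerpt);
# the lone "-" lines are list-marker residue and are skipped by the parser.
REPORT = """\
General
-
MD5
2f6511abc3a54d2ecadc0970805a0ad6
-
SHA1
a2b304428f02d9f4b23c24cc7fe80f319a51f204
-
SHA256
be315dc46922d27c67a50ebadaa0d47425f89108c5657841aaee35ae5375ec7e
Malware Config
Extracted
dridex
10111
131.100.24.231:443
188.165.17.91:8443
185.148.169.10:2303
Targets
"""

# Expected hex length per algorithm; anything else is treated as corrupt.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


@dataclass
class Iocs:
    family: str = ""
    botnet: str = ""
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex digest
    c2: list = field(default_factory=list)      # (ip, port), first-seen order, deduplicated


def parse_endpoint(line):
    """Return (ip, port) for a routable IPv4 C2 entry, else None."""
    m = ENDPOINT_RE.match(line)
    if not m:
        return None
    port = int(m.group(2))
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None
    # Loopback/RFC1918 entries are sandbox artifacts or typos, not C2
    # infrastructure; blocking them would cause self-inflicted outages.
    if not 0 < port < 65536 or not addr.is_global:
        return None
    return (str(addr), port)


def parse_report(text):
    """Walk the flattened report and collect hashes plus the extracted config."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    iocs = Iocs()
    i = 0
    while i < len(lines):
        label = lines[i]
        if label in HASH_LENGTHS and i + 1 < len(lines):
            digest = lines[i + 1].lower()
            if re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[label], digest):
                iocs.hashes.setdefault(label, digest)  # reports repeat hashes; keep the first
            i += 2
            continue
        if label == "Extracted" and i + 1 < len(lines):
            iocs.family = lines[i + 1].lower()
            i += 2
            if i < len(lines) and lines[i].isdigit():  # botnet id follows the family name
                iocs.botnet = lines[i]
                i += 1
            while i < len(lines):  # then C2 entries until the first non-endpoint line
                ep = parse_endpoint(lines[i])
                if ep is None:
                    break
                if ep not in iocs.c2:
                    iocs.c2.append(ep)
                i += 1
            continue
        i += 1
    return iocs


def suricata_rules(iocs, base_sid=9000001):
    """One alert rule per C2 endpoint; base_sid is an assumed local SID range."""
    rules = []
    for n, (ip, port) in enumerate(iocs.c2):
        msg = f"{iocs.family.upper()} botnet {iocs.botnet} C2 {ip}:{port}"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server,established; classtype:trojan-activity; "
            f"sid:{base_sid + n}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    found = parse_report(REPORT)
    for algo, digest in found.hashes.items():
        print(f"{algo.lower()},{digest}")
    print("\n".join(suricata_rules(found)))
```

Because the C2 ports (443, 8443, 2303) are not all standard TLS ports, the rules match on destination IP and port rather than on protocol content; pair them with the file hashes for host-side hunting, since the network indicators will age faster than the sample's hashes.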
Targets
Target: setups.exe
Signatures
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence
- Loads dropped DLL