Analysis
- max time kernel: 12s
- max time network: 113s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 11-04-2021 02:58

Static task: static1
Behavioral task: behavioral1
- Sample: cym4u.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: cym4u.exe
- Size: 1.3MB
- MD5: a5a2a0ac915966ab32b9e9f695126a52
- SHA1: 869854919007c3f0c2774510996c49fc826701c2
- SHA256: 50df8be8a37f5f41e2ff36a747dd5e372b400444673d8359fc64a48786526624
- SHA512: 5d4f713a57fbe48d4580269c4580c3d4d5c1c3ea03365b0452d4fdc2b89e26c719e7bd982d9a98358079e18524e18946694489717540566882088591429739ad
Malware Config (Extracted)
- Family: dridex
- Botnet: 10111
- C2:
  - 131.100.24.231:443
  - 188.165.17.91:8443
  - 185.148.169.10:2303
- rc4.plain
- rc4.plain
Signatures
- Processes (YARA rule matches):
  resource: behavioral2/memory/1020-115-0x0000000000400000-0x0000000000548000-memory.dmp
  yara_rule: dridex_ldr

- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  Processes:
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: cym4u.exe