General
-
Target
eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8
-
Size
1.1MB
-
Sample
210420-ea4e4l2st6
-
MD5
e6b7ec0dd1cd7b8f7c08ec2d4d369d8d
-
SHA1
6da00a5ce8acc27e9fef642c932153dc8f152f6b
-
SHA256
eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8
-
SHA512
4a44fb582fff394d0bc6039aa392fa7164d47f8e2720f3214f4258c048715fe7ef64b0d9f35eb9ca1e8e29ab4698d0a1b1ab621dcd96cf6d00830a93a80ae623
Static task
static1
Behavioral task
behavioral1
Sample
eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8.dll
Resource
win7v20210408
Malware Config
Extracted
dridex
10444
146.185.170.249:443
62.75.251.60:6601
185.148.168.25:2303
Targets
-
-
Target
eae537de7f5de3a3f3eb0b5021c78cc2e951186bf8411d045eab1ac9c6cc62f8
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-