Analysis
-
max time kernel
28s -
max time network
110s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
21-04-2021 14:58
General
-
Target
c01d4a1eb5fec15bd87f0258a2d524738e03dee02b291c6aab5eeaaa15a7d6e2.dll
-
Size
162KB
-
MD5
f12d59f5bb85a0ed20a6d2cb5c2aa4f3
-
SHA1
e11c5a790b6c891b22e8c3e8ca879898ce875b31
-
SHA256
c01d4a1eb5fec15bd87f0258a2d524738e03dee02b291c6aab5eeaaa15a7d6e2
-
SHA512
fffedbb44c5ef88e44890d7f8a8f3ac37b28090811b0fbe7900cb1295afb5be164a8b583f50e1d7b9e0466d02a86858520a88c6cf834d51887fca2f0b53f6c5d
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
40112
C2
107.172.227.10:443
172.93.133.123:2303
108.168.61.147:8172
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c01d4a1eb5fec15bd87f0258a2d524738e03dee02b291c6aab5eeaaa15a7d6e2.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c01d4a1eb5fec15bd87f0258a2d524738e03dee02b291c6aab5eeaaa15a7d6e2.dll,#12⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
184KB
-
Filesize
24KB