Overview

overview

10

Static

static

dffb2b2f46...01.dll

windows7_x64

10

dffb2b2f46...01.dll

windows10_x64

10

Analysis

  • max time kernel
    19s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21-04-2021 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dffb2b2f4681001350fb8c0a44f5ffaca7205dd4df9082c6bec3223ed83c8501.dll

  • Size

    162KB

  • MD5

    478b918d9df5c12a06c1fbc90c7da1db

  • SHA1

    7cd24bdaf7de98ff777adbf5500e89d2da6ceb88

  • SHA256

    dffb2b2f4681001350fb8c0a44f5ffaca7205dd4df9082c6bec3223ed83c8501

  • SHA512

    7a892fe6d2fd9d1e325a5fbf94edb730b557db319e2bc0b926a7c2f1af938671c8c30db42cac09800629a2c6cfc4c6b61a818e9e68b044b77139f671033d65cd

Score
10/10
dridex40112botnetevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dffb2b2f4681001350fb8c0a44f5ffaca7205dd4df9082c6bec3223ed83c8501.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dffb2b2f4681001350fb8c0a44f5ffaca7205dd4df9082c6bec3223ed83c8501.dll,#1
      2⤵
      • Checks whether UAC is enabled
      PID:3120

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3120-114-0x0000000000000000-mapping.dmp
    Download
  • memory/3120-115-0x0000000074300000-0x000000007432E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/3120-117-0x0000000000400000-0x000000000054A000-memory.dmp
    Filesize

    1.3MB

    Download