Analysis
-
max time kernel
85s -
max time network
108s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
22-04-2021 00:20
General
-
Target
5acae68666a1342099c1061e2451d3da99218088c98a4eb8532b14130db96263.dll
-
Size
162KB
-
MD5
68834cc5fe8e7bae296b204134786146
-
SHA1
208af3d6be4314087f1c9ecc3776849eecc6e716
-
SHA256
5acae68666a1342099c1061e2451d3da99218088c98a4eb8532b14130db96263
-
SHA512
3863f2b8f3adfe8e2cd342b32f191ad89ec590845ab6c3f79440e9c6e8c380afc009b66c1860568ad2e32abe4ca76c693849e492fb0410eedc669f50969788c2
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
40112
C2
107.172.227.10:443
172.93.133.123:2303
108.168.61.147:8172
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5acae68666a1342099c1061e2451d3da99218088c98a4eb8532b14130db96263.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5acae68666a1342099c1061e2451d3da99218088c98a4eb8532b14130db96263.dll,#12⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1716-114-0x0000000000000000-mapping.dmp
-
memory/1716-115-0x0000000073990000-0x00000000739BE000-memory.dmpFilesize
184KB
-
memory/1716-117-0x0000000000C20000-0x0000000000C26000-memory.dmpFilesize
24KB