General
Target: zdnnagb.dll
Size: 1.1MB
Sample: 210422-pjnryy16kx
MD5: bcdb8892ade3fbcef1e017b8c8acca6a
SHA1: e206f3101ea0ba57a23507148e8770b8e6815272
SHA256: 0b1d65243616e6e7dd9804775739f945cc67e80018a9584139efc45698a20185
SHA512: 31ecf280c0569d3c2c03fcb32619768535eee199e03a67f10be4a308ba4f533cfa0a79ab8e70d146f85dffe9b6b5d16869e2c65b4504afb7ffea424f4c0cbf82
Static task: static1
Behavioral task: behavioral1
Sample: zdnnagb.dll
Resource: win7v20210408
Malware Config
Extracted
dridex
10444
146.185.170.249:443
62.75.251.60:6601
185.148.168.25:2303
Targets
Target: zdnnagb.dll
Suspicious use of NtCreateProcessExOtherParentProcess

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.