Analysis
-
max time kernel
46s -
max time network
54s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
11-05-2021 13:09
General
-
Target
e019bc49e14a61dd90015e0b4d61140463aa4cf2e03041a927da36501ce9f0f5.dll
-
Size
162KB
-
MD5
372a32bcdfcf0705b553a5d96c8d7f28
-
SHA1
2f6aadd3a4bf3572ac7ef75d9ad02e6e699c45ce
-
SHA256
e019bc49e14a61dd90015e0b4d61140463aa4cf2e03041a927da36501ce9f0f5
-
SHA512
d2b621843a2c8daea406576b2ebf8ec1fd307b48b189c415f4eab8eed5d93f2d2c9d462aa227414463dcdff6a9cbcb82d1d0499fb494666a1bfeabeefb02d406
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
40112
C2
107.172.227.10:443
172.93.133.123:2303
108.168.61.147:8172
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e019bc49e14a61dd90015e0b4d61140463aa4cf2e03041a927da36501ce9f0f5.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e019bc49e14a61dd90015e0b4d61140463aa4cf2e03041a927da36501ce9f0f5.dll,#12⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3088-114-0x0000000000000000-mapping.dmp
-
memory/3088-115-0x0000000074400000-0x000000007442E000-memory.dmpFilesize
184KB
-
memory/3088-117-0x0000000003280000-0x0000000003286000-memory.dmpFilesize
24KB