Analysis

max time kernel:  8s
max time network: 114s
platform:         windows7_x64
resource:         win7v20210408
submitted:        21-06-2021 07:14

Static task:      static1
Behavioral task:  behavioral1
Sample:           a5d2da83ba4ac307fa3207772e45767a.exe
Resource:         win7v20210408 (windows7_x64)
0 signatures
0 seconds
General

Target: a5d2da83ba4ac307fa3207772e45767a.exe
Size:   1.4MB
MD5:    a5d2da83ba4ac307fa3207772e45767a
SHA1:   e8f10d008b6eb42d451df77c6613f2876f6138e5
SHA256: a5fc669f505c4e801fbe0859af1db44e55462bc59d78d5d6c90b7d3a78701728
SHA512: 052a7764a97375e376e359d39467bc1cc7432f1f7df817e0a64b7a4ad2a1f8014226a90a40216ad2c1e310c61f1e8c73923dfb6b2bc515b5099a429807be98ff
Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  139.59.59.242:443
  91.207.28.33:13786
  178.128.197.110:4664
rc4.plain
rc4.plain
Signatures

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes: a5d2da83ba4ac307fa3207772e45767a.exe

description        ioc                                                                                  process
Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  a5d2da83ba4ac307fa3207772e45767a.exe