Analysis
-
max time kernel
27s -
max time network
119s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
23-06-2021 08:01
General
-
Target
dba44d4541dfc56d5bae19ddc2e987f9e9863cde5779a3c0b98401926f3fedd2.dll
-
Size
158KB
-
MD5
0a716459cf2bbe469b9d632ace0c21fb
-
SHA1
4c65b2485c25d4fc2ec1a769ef054f3e7311b7b1
-
SHA256
dba44d4541dfc56d5bae19ddc2e987f9e9863cde5779a3c0b98401926f3fedd2
-
SHA512
838c24d9f21f5405728c83b0d1d40a7a1567c931c3178ecfb210008b0d99cbcaa4dcb9cd62aabea019f01e73309cd2cdc3db9791fa4c20c63a6ac3d260677385
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
40111
C2
8.210.53.215:443
72.249.22.245:2303
188.40.137.206:8172
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dba44d4541dfc56d5bae19ddc2e987f9e9863cde5779a3c0b98401926f3fedd2.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dba44d4541dfc56d5bae19ddc2e987f9e9863cde5779a3c0b98401926f3fedd2.dll,#12⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3236-114-0x0000000000000000-mapping.dmp
-
memory/3236-115-0x0000000073F20000-0x0000000073F4D000-memory.dmpFilesize
180KB
-
memory/3236-117-0x00000000009E0000-0x00000000009E6000-memory.dmpFilesize
24KB