Analysis
-
max time kernel
26s -
max time network
119s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
24-06-2021 07:02
General
-
Target
12b70758d432c5ba73934a71bb229c09bdcab957d7e89aff49a1656e78888b99.dll
-
Size
162KB
-
MD5
6cdd6669cb66336de4a6c773e4bd7b43
-
SHA1
38f878a5504ee808f158db22726ecad199aab5ab
-
SHA256
12b70758d432c5ba73934a71bb229c09bdcab957d7e89aff49a1656e78888b99
-
SHA512
e8fb3db0d27b2bf8e671990ab40977485394e2544842cfda059f65d95bc507911a0562638f167cc3f19a9c31c8df937c3facb11c5b4f7d9c7ec557ddc16941fe
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
40112
C2
107.172.227.10:443
172.93.133.123:2303
108.168.61.147:8172
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\12b70758d432c5ba73934a71bb229c09bdcab957d7e89aff49a1656e78888b99.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\12b70758d432c5ba73934a71bb229c09bdcab957d7e89aff49a1656e78888b99.dll,#12⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4872-114-0x0000000000000000-mapping.dmp
-
memory/4872-115-0x0000000073880000-0x00000000738AE000-memory.dmpFilesize
184KB
-
memory/4872-117-0x0000000003110000-0x0000000003116000-memory.dmpFilesize
24KB