Analysis
-
max time kernel
14s -
max time network
135s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
04-07-2021 07:08
General
-
Target
5b478c97213c493e88ad38fa017db4ab.exe
-
Size
1.0MB
-
MD5
5b478c97213c493e88ad38fa017db4ab
-
SHA1
219474316e41df563322149b653cb160c0d49167
-
SHA256
fe9f82e1175d3a18ca3e0244318d2e485ed7a51b475bc366ba768af62a83d875
-
SHA512
58e8fb42a92620a1ec67169d5214409eec3b873634a3fe0c98889ed25401ab0cc97a0bcec16d31eefc1b8706cfc9e2ecd8271c5932f0c861f1f10bd57b62d16f
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10111
C2
104.168.155.129:443
142.4.219.173:4664
176.31.117.84:9443
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b478c97213c493e88ad38fa017db4ab.exe"C:\Users\Admin\AppData\Local\Temp\5b478c97213c493e88ad38fa017db4ab.exe"1⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/584-115-0x0000000000400000-0x0000000000508000-memory.dmpFilesize
1.0MB
-
memory/584-114-0x0000000000670000-0x00000000006AC000-memory.dmpFilesize
240KB