General
Static task
static1
URLScan task
urlscan1
Sample
https://nawa-store.com/shopinside
Behavioral task
behavioral1
Sample
https://nawa-store.com/shopinside
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
https://nawa-store.com/shopinside
Resource
win11
windows11_x64
0 signatures
0 seconds
Malware Config
Extracted
Family
dridex
Botnet
10111
C2
103.30.247.116:6225
148.251.238.52:10172
209.216.243.2:7443
rc4.plain
rc4.plain
Targets
-
-
Target
https://nawa-store.com/shopinside
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-