Analysis
-
max time kernel
1714s -
max time network
1720s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
30-08-2021 13:05
General
-
Target
Q530_2b873808495d353f904e97e1b046da74697a8840b0f8440405150bcb653da482.bin.exe
-
Size
633KB
-
MD5
d0dc361abfedb436ab6c10709cdd26a7
-
SHA1
88f84f37d02ff60dd354684714ccd2139670af15
-
SHA256
2b873808495d353f904e97e1b046da74697a8840b0f8440405150bcb653da482
-
SHA512
6925dbef901332798c4a846b53148f2adf256dc44b319140cc96c824b90d88b0668cde65db22970de4bf0f5ab94ddb9f6ff2d327a49a62a9555c67071f32199a
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10111
C2
195.234.101.236:8443
209.89.76.47:10172
167.99.61.111:7443
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Q530_2b873808495d353f904e97e1b046da74697a8840b0f8440405150bcb653da482.bin.exe"C:\Users\Admin\AppData\Local\Temp\Q530_2b873808495d353f904e97e1b046da74697a8840b0f8440405150bcb653da482.bin.exe"1⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/784-60-0x0000000075AA1000-0x0000000075AA3000-memory.dmpFilesize
8KB
-
memory/784-61-0x00000000001B0000-0x00000000001EC000-memory.dmpFilesize
240KB
-
memory/784-62-0x0000000000400000-0x00000000004A2000-memory.dmpFilesize
648KB