Analysis
Max time kernel: 20s
Max time network: 118s
Platform: windows10_x64
Resource: win10v20210408
Submitted: 05-09-2021 05:54

Behavioral task: behavioral1
Sample: a926ce002ec36ee94869a97ffe6c5ca9.exe
Resource: win7v20210408 (windows7_x64)
Result: 0 signatures, 0 seconds
General
Target: a926ce002ec36ee94869a97ffe6c5ca9.exe
Size: 1.9MB
MD5: a926ce002ec36ee94869a97ffe6c5ca9
SHA1: aee181b411d3115d3d848b6b958f4749a5720b50
SHA256: 2fef01ec46bc56992c5719d335add15e15b3329790b943f52df9c340a1b6b369
SHA512: 9095c9850bacc788c41d67b6a180c254d8aa6b626ac2de7a9fe46d3a8f705aedb6d95873570070ae5d96fc414b1f2d1e48de0d416285168594f8316992e1ff7e
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
207.154.208.93:6225
103.92.200.13:9676
45.80.173.80:9676
rc4.plain
rc4.plain
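The extracted C2 list is the most specific indicator in this report, so the first thing a responder usually does with it is turn it into network detections and sweep existing flow logs. The script below is an added example, not part of the sandbox report or of any Dridex tooling: it validates the three C2 sockets exactly as extracted above, emits one Suricata alert rule per socket, and matches them against Zeek-style conn.log lines. The log lines are constructed for the example, not captured traffic, and the SID range is an arbitrary choice.

```python
"""Turn the extracted Dridex config (botnet 10111) into network IOCs and
match them against Zeek-style conn.log lines.  Added example; the sample
log below is constructed, not real traffic from this analysis."""
import ipaddress

# C2 endpoints exactly as extracted in the report.
DRIDEX_C2 = [
    "207.154.208.93:6225",
    "103.92.200.13:9676",
    "45.80.173.80:9676",
]


def parse_c2(entries):
    """Return a set of (ip, port) tuples. Malformed entries raise, so a
    typo in an IOC list can never silently become a rule that matches nothing."""
    out = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on a bad address
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry {entry!r}")
        out.add((str(ip), port))
    return out


def suricata_rules(c2, sid_base=9000001):
    """Emit one Suricata rule per C2 socket for outbound flows from $HOME_NET.
    sid_base is an arbitrary local SID range chosen for this example."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet 10111 C2 {ip}:{port}"; '
            f'flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


# Constructed Zeek conn.log excerpt, tab-separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1630821240.112\tCaB3x1\t10.0.0.15\t49812\t207.154.208.93\t6225\ttcp
1630821241.500\tCbT9q2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp
1630821242.731\tCcK0z7\t10.0.0.22\t51002\t45.80.173.80\t9676\ttcp
1630821243.004\tCdM4p9\t10.0.0.22\t51003\t45.80.173.80\t80\ttcp
"""


def find_c2_connections(conn_log, c2):
    """Return (uid, orig_h, resp_h, resp_p) for every flow to a known C2 socket.
    The port is part of the match: the same IP on another port is not flagged,
    which keeps shared-hosting neighbours from polluting the hit list."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # truncated or malformed record; skip rather than crash
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if (resp_h, int(resp_p)) in c2:
            hits.append((uid, orig_h, resp_h, int(resp_p)))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(DRIDEX_C2)
    print("\n".join(suricata_rules(c2)))
    for hit in find_c2_connections(SAMPLE_CONN_LOG, c2):
        print("C2 contact:", hit)
```

Of the four constructed flows, only the two that hit an extracted IP on its extracted port are reported; the flow to 45.80.173.80:80 is deliberately left unflagged. Dridex infrastructure rotates quickly, so rules generated this way need an expiry or a review date rather than living in a ruleset indefinitely.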
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Note that the only IOC the report lists under this signature is a query of EnableLUA, the value under Policies\System that records whether User Account Control is enabled, not an Uninstall subkey. That query tells the sample whether elevation prompts are in play; it is also issued by plenty of benign installers and updaters, so on its own it is context for the Dridex classification above, not a detection.

Processes:
description        ioc                                                                                     process
Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  a926ce002ec36ee94869a97ffe6c5ca9.exe