Analysis
- max time kernel: 87s
- max time network: 136s
- platform: windows10_x64
- resource: win10-en
- submitted: 20-09-2021 11:44

Behavioral task: behavioral1
- Sample: a8fee149ef35b4ef6f905b8966802a66.exe
- Resource: win7-en-20210916
- Platform: windows7_x64
- 0 signatures
- 0 seconds

General
- Target: a8fee149ef35b4ef6f905b8966802a66.exe
- Size: 899KB
- MD5: a8fee149ef35b4ef6f905b8966802a66
- SHA1: 16dfd72d0acf534a0c402d4a6fd4a0c68117fc5b
- SHA256: d3272e0e7a5ea32d4276901bcf10767f4293dd067d70393b305966e17f9e4ac9
- SHA512: ef7059618e90bad8fc8aa03bc3063daf00f437110cff7b7449961dd2bc7174795d5f01568ab6550dcd9d5c24fe902797481dae86f196beafcb3f2be51dcea53d

Malware Config (Extracted)
- Family: dridex
- Botnet: 10111
- C2:
  - 212.39.115.102:9676
  - 54.37.84.240:10172
  - 156.67.220.186:6225
rc4.plain
Signatures
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  Processes: a8fee149ef35b4ef6f905b8966802a66.exe

  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | a8fee149ef35b4ef6f905b8966802a66.exe