Analysis

max time kernel: 118s
max time network: 120s
platform: windows10_x64
resource: win10-en-20210920
submitted: 21-09-2021 10:02

Tasks:
Static task: static1
Behavioral task: behavioral1
Sample: a5513cadb437d6243dc463d836a03e62.exe
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds
General

Target: a5513cadb437d6243dc463d836a03e62.exe
Size: 890KB
MD5: a5513cadb437d6243dc463d836a03e62
SHA1: a16e4767112e43f150a255cad6c56d440d945380
SHA256: 6232728af29302ef0a4675b3c5a255b5e9ee800c221823ecb4d4cab8cc0f7edb
SHA512: d31cca6691b5d06e2d21e56bf4ec8e087fff6d153f0fa80cd669ed6517ce4dae3813c8771e4cabdeb57a2491fa45a5d8ecd4e048e1dcfa64d738fd8bf042cbb2
Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  188.252.100.181:9676
  42.112.35.46:8443
  103.58.102.177:7443
rc4.plain
rc4.plain
Signatures

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
  a5513cadb437d6243dc463d836a03e62.exe

description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: a5513cadb437d6243dc463d836a03e62.exe