Analysis
max time kernel: 118s
max time network: 121s
platform: windows10_x64
resource: win10-en-20210920
submitted: 27-09-2021 08:27
Static task: static1
Behavioral task: behavioral1
Sample: 80e0890fa5319c63d2a07086b833f4aa9bd33e8c2b314cc752082f618d1eb4f1.exe
Resource: win7-en-20210920 (windows7_x64)
0 signatures
0 seconds
General
Target: 80e0890fa5319c63d2a07086b833f4aa9bd33e8c2b314cc752082f618d1eb4f1.exe
Size: 1.3MB
MD5: 3012fb748ffbe618abb44ee93612a1be
SHA1: b177a0b5255777e56d77f67f1bdd18c9e49a3097
SHA256: 80e0890fa5319c63d2a07086b833f4aa9bd33e8c2b314cc752082f618d1eb4f1
SHA512: a751e72f35cc7c4b11a7e7efacad9e77850d5f6619802c5b7749fc22c1c3959eff992d41fc124fb0dd57cac992a6042cfa228bf83d8629ad039debe7e209e33b
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
  188.165.17.91:8443
  81.0.236.90:6601
rc4.plain
rc4.plain
Signatures
Dridex v4 dropper C2 parsing function (1 IoCs)
Processes:
  resource: behavioral2/memory/3732-116-0x0000000000400000-0x000000000054F000-memory.dmp
  yara_rule: DridexLoader
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
  80e0890fa5319c63d2a07086b833f4aa9bd33e8c2b314cc752082f618d1eb4f1.exe
    description: Key value queried
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    process: 80e0890fa5319c63d2a07086b833f4aa9bd33e8c2b314cc752082f618d1eb4f1.exe