Analysis
max time kernel: 129s
max time network: 107s
platform: windows7_x64
resource: win7v20210408
submitted: 27-09-2021 08:55
Behavioral task: behavioral1
Sample: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea.exe
Resource: win7v20210408
General
Target: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea.exe
Size: 1MB
MD5: d446be44cf28f59942f016a2c506de34
SHA1: 2e331df29abe48e7cc25791fb92fe81970eae03d
SHA256: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea
SHA512: e49c8f8e1aa53e749e0a2ce918916a1c0e5dc61456fa43831a6a04497e04d1c0927d50b97fc38642021713605161b914242fe234fc10f582b6d635bc52421a85
Malware Config (Extracted)
Family: dridex
Botnet: 10111
C2:
188.165.17.91:8443
195.210.28.233:6601
rc4.plain
rc4.plain
Signatures

Dridex v4 dropper C2 parsing function (1 IoCs)
Processes:
resource: behavioral1/memory/1808-62-0x0000000000400000-0x000000000056A000-memory.dmp
yara_rule: DridexLoader

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
process: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: 17d36ce5350a437c264cbc5138bf16a3f0be702b851803d342bfad2d522debea.exe