Analysis

max time kernel: 148s
max time network: 82s
platform: windows7_x64
resource: win7v20210408
submitted: 11-10-2021 12:48

Static task: static1
Behavioral task: behavioral1
Sample: ac41b32112843274e4ffae34e11867bf.exe
Resource: win7v20210408 (windows7_x64)
0 signatures
0 seconds
General

Target: ac41b32112843274e4ffae34e11867bf.exe
Size: 379KB
MD5: ac41b32112843274e4ffae34e11867bf
SHA1: 11a692980e75cdae8dc704774b48d7248000e6ab
SHA256: b25e2a9b4e658c038dacab83460dfaa656623cbec82b4e276cc7e3722f71089d
SHA512: 423498634fa7846ece448318adc5d6a30984c2e00451db0960b9d18c86fc7e85fd47d2fe030dcb9ec9289a5d368df930b0c8f1b1798dc0cc5c71b122bed5685a
Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
212.112.86.37:9676
184.168.147.173:6225
72.52.96.202:8194
rc4.plain
rc4.plain
(the two rc4.plain entries are listed without their key values in this extraction)
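The extracted config above is the part of this report most analysts act on: three ip:port C2 endpoints for Dridex botnet 10111. The following Python is an added example (not part of the sandbox's tooling or of the original report) that parses that flattened key/value block into structured IOCs, emits one Suricata alert rule per endpoint, and checks a set of constructed flow records against the list. The C2 values are copied from the report; the flow records, the SID base 9000000 and the column layout of the flow lines are assumptions made for the example.

```python
"""Turn the extracted Dridex config into network IOCs and check flow records.

Added example for this report page; not the sandbox's own code.
The C2 list is copied from the report; the flow records are constructed.
"""
import ipaddress
import re

# The "Malware Config" block as it appears in the report above (verbatim).
REPORT_CONFIG = """\
Family
dridex
Botnet
10111
C2
212.112.86.37:9676
184.168.147.173:6225
72.52.96.202:8194
rc4.plain
rc4.plain
"""

# Constructed sample flow records (ts src sport dst dport proto); not from the report.
SAMPLE_FLOWS = """\
1633956500.1 10.0.0.15 49211 184.168.147.173 6225 tcp
1633956501.3 10.0.0.15 49212 93.184.216.34 443 tcp
1633956502.9 10.0.0.22 50001 212.112.86.37 9676 tcp
1633956503.0 10.0.0.22 50002 212.112.86.37 443 tcp
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2(config_text):
    """Parse the flattened key/value block into (family, botnet, {(ip, port)}).

    Keys are single lines followed by their value(s); the C2 key is followed by
    one ip:port per line until a line no longer matches that shape.
    """
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    family = botnet = None
    c2 = set()
    i = 0
    while i < len(lines):
        key = lines[i]
        if key == "Family" and i + 1 < len(lines):
            family = lines[i + 1]
            i += 2
        elif key == "Botnet" and i + 1 < len(lines):
            botnet = lines[i + 1]
            i += 2
        elif key == "C2":
            i += 1
            while i < len(lines):
                m = C2_RE.match(lines[i])
                if not m:
                    break
                ip, port = m.group(1), int(m.group(2))
                ipaddress.ip_address(ip)  # reject malformed addresses early
                if not 0 < port < 65536:
                    raise ValueError(f"bad port in C2 entry: {lines[i]}")
                c2.add((ip, port))
                i += 1
        else:
            i += 1  # rc4.plain and anything else: no value on the page, skip
    return family, botnet, c2


def suricata_rules(family, botnet, c2, sid_base=9000000):
    """Emit one alert rule per C2 endpoint, keyed on destination ip:port."""
    rules = []
    for n, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{family} botnet {botnet} C2 {ip}:{port}"; '
            f"flow:to_server; sid:{sid_base + n}; rev:1;)"
        )
    return rules


def match_flows(flow_text, c2):
    """Return (src, dst, dport) for each flow whose destination is a known C2."""
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        _ts, src, _sport, dst, dport, _proto = line.split()
        if (dst, int(dport)) in c2:
            hits.append((src, dst, int(dport)))
    return hits


if __name__ == "__main__":
    fam, bot, endpoints = parse_c2(REPORT_CONFIG)
    for rule in suricata_rules(fam, bot, endpoints):
        print(rule)
    for src, dst, dport in match_flows(SAMPLE_FLOWS, endpoints):
        print(f"C2 contact: {src} -> {dst}:{dport}")
```

Matching is exact on ip:port, so the constructed 212.112.86.37:443 flow is deliberately not flagged; if the non-standard ports in the extracted list are expected to rotate, drop the port from the key and accept the lower confidence that comes with IP-only matching.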
Signatures

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | ac41b32112843274e4ffae34e11867bf.exe

Note that the only IOC listed under this signature is the UAC policy value EnableLUA, not an Uninstall key entry; the registry evidence shown is the sample checking whether UAC is enforced on the host, and no Uninstall key lookup appears in this report.