Analysis
max time kernel: 24s
max time network: 60s
platform: windows10_x64
resource: win10-en-20211014
submitted: 12-11-2021 11:54
General
Target: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
Size: 1.6MB
MD5: 509000b87e20c31a8975a035ba8af42c
SHA1: a1a07f9d5801b73214ce5d3675faaeb1e4a70c02
SHA256: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9
SHA512: 46b7b04d810fe52e31bd20e7457bd232a69ce9754ea9aebc89dcab4577d2c6186f1edebd84434e9d25c933d6b3e1ebed67e3503f157575996f4acda288a56493
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
81.169.224.222:3389
62.75.168.106:3886
82.165.152.127:3389
rc4.plain
rc4.plain
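The extracted config (botnet ID and three C2 IP:port pairs) and the file hashes in the General section can be used directly as hunt indicators. The block below is an added example, not part of the original sandbox report or of any analysis tool: it loads the report's C2 endpoints and hashes and runs them over a few constructed firewall log lines (the key=value log format and the 10.0.0.x internal hosts are assumptions made for this example). Because 3389 is also the standard RDP port, the matcher flags exact IP:port pairs by default, so an internal RDP session is not reported; an optional looser mode flags any connection to a listed C2 address regardless of port.

```python
"""Hunt for the Dridex indicators from the sandbox report in network and file evidence.

Added example; the C2 list, botnet ID and hashes are taken from the report above,
the log lines and log format are constructed for this example.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Indicators from the report.
BOTNET_ID = 10111
SAMPLE_HASHES = {
    "md5": "509000b87e20c31a8975a035ba8af42c",
    "sha1": "a1a07f9d5801b73214ce5d3675faaeb1e4a70c02",
    "sha256": "7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9",
}
C2_ENDPOINTS = {
    ("81.169.224.222", 3389),
    ("62.75.168.106", 3886),
    ("82.165.152.127", 3389),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed firewall log (hypothetical key=value format, not from the report).
# Line 2 is an internal RDP session on 3389; line 4 is a C2 address on a port
# that is not in the extracted config.
SAMPLE_FIREWALL_LOG = """\
2021-11-12T11:55:01Z action=allow src=10.0.0.15 dst=81.169.224.222 dport=3389 proto=tcp
2021-11-12T11:55:02Z action=allow src=10.0.0.15 dst=10.0.0.2 dport=3389 proto=tcp
2021-11-12T11:55:03Z action=allow src=10.0.0.16 dst=62.75.168.106 dport=3886 proto=tcp
2021-11-12T11:55:04Z action=deny src=10.0.0.16 dst=82.165.152.127 dport=443 proto=tcp
2021-11-12T11:55:05Z action=allow src=10.0.0.17 dst=82.165.152.127 dport=3389 proto=tcp
"""

LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


@dataclass(frozen=True)
class C2Hit:
    timestamp: str
    src: str
    dst: str
    dport: int


def find_c2_connections(log_text: str, require_port: bool = True) -> list[C2Hit]:
    """Return log lines whose destination matches a configured C2 endpoint.

    With require_port=True only exact IP:port pairs match, which keeps ordinary
    RDP traffic on 3389 out of the results. With require_port=False any
    destination in the C2 address list matches, which is noisier but catches
    the same infrastructure being reached on a port the config did not list.
    """
    hits: list[C2Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in C2_ENDPOINTS or (not require_port and dst in C2_IPS):
            hits.append(C2Hit(line.split()[0], m["src"], dst, dport))
    return hits


def hashes_of(data: bytes) -> dict[str, str]:
    """Compute the same three digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(hashes: dict[str, str]) -> bool:
    """True if any supplied digest equals the report's digest of the same type."""
    return any(hashes.get(name, "").lower() == value for name, value in SAMPLE_HASHES.items())


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_FIREWALL_LOG):
        print(f"{hit.timestamp} {hit.src} -> {hit.dst}:{hit.dport} matches Dridex botnet {BOTNET_ID} C2")
    print("loose mode hits:", len(find_c2_connections(SAMPLE_FIREWALL_LOG, require_port=False)))
    print("sample on disk:", matches_sample(hashes_of(b"not the sample")))
```

On real data, feed `find_c2_connections` the exported firewall or proxy log and `hashes_of` the bytes of a suspect file; the strict match is the one to alert on, and the loose match is better suited to a retrospective search over a longer window.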
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
The registry evidence listed for this process is a read of the EnableLUA value under Policies\System, which tells the sample whether UAC is enabled on the host; the Uninstall-key lookup named by the signature is not itself among the IOCs shown here.