Analysis
Max time kernel: 6s
Max time network: 5s
Platform: windows7_x64
Resource: win7-en-20211104
Submitted: 12-11-2021 11:55

Behavioral task: behavioral1
Sample: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
Resource: win7-en-20211104 (windows7_x64)
0 signatures, 0 seconds
General
Target: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe
Size: 1.6MB
MD5: 509000b87e20c31a8975a035ba8af42c
SHA1: a1a07f9d5801b73214ce5d3675faaeb1e4a70c02
SHA256: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9
SHA512: 46b7b04d810fe52e31bd20e7457bd232a69ce9754ea9aebc89dcab4577d2c6186f1edebd84434e9d25c933d6b3e1ebed67e3503f157575996f4acda288a56493
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
81.169.224.222:3389
62.75.168.106:3886
82.165.152.127:3389
rc4.plain
rc4.plain
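As an added example, not part of the sandbox report or of any tool it names, the Python below turns the extracted C2 list into a check that can be run over firewall or proxy logs. The log lines and their key=value layout are constructed for the example; the three ip:port pairs are the ones in the config above. Matching is done on the full ip:port pair, because 3389 on its own is ordinary RDP and a port-only rule would fire on every internal RDP session; a hit on a C2 address with a different port is still reported, at lower confidence, since ports vary between Dridex configs while the addresses are the stronger indicator.

```python
"""Match network log lines against the Dridex C2 endpoints extracted above.

Added example for this report page; the log lines below are constructed,
the C2 endpoints are the ones listed in the extracted config (botnet 10111).
"""
import re
from typing import List, NamedTuple, Set, Tuple

# ip:port pairs taken from the "C2" block of the extracted config.
DRIDEX_C2: Set[Tuple[str, int]] = {
    ("81.169.224.222", 3389),
    ("62.75.168.106", 3886),
    ("82.165.152.127", 3389),
}

# Constructed sample firewall log (not from the report). Line 2 is a benign
# internal RDP session on 3389 and must not match; line 3 is a C2 address on
# an unlisted port and should be raised at lower confidence.
SAMPLE_LOGS = """\
ts=2021-11-12T11:56:01Z src=10.0.0.15 dst=81.169.224.222 dport=3389 proto=tcp action=allow
ts=2021-11-12T11:56:03Z src=10.0.0.15 dst=10.0.0.2 dport=3389 proto=tcp action=allow
ts=2021-11-12T11:56:05Z src=10.0.0.22 dst=62.75.168.106 dport=443 proto=tcp action=allow
ts=2021-11-12T11:56:07Z src=10.0.0.22 dst=62.75.168.106 dport=3886 proto=tcp action=deny
ts=2021-11-12T11:56:09Z src=10.0.0.30 dst=82.165.152.127 dport=3389 proto=tcp action=allow
"""

# Hypothetical key=value log format assumed for the example.
LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

EXACT = "exact C2 ip:port"
IP_ONLY = "C2 ip, other port"


class Hit(NamedTuple):
    src: str
    dst: str
    dport: int
    reason: str


def match_c2(log_text: str, c2: Set[Tuple[str, int]] = DRIDEX_C2) -> List[Hit]:
    """Return one Hit per log line whose destination matches a C2 endpoint.

    Full ip:port matches are reported as EXACT; a destination whose address is
    a C2 address but whose port is not in the config is reported as IP_ONLY.
    Port alone is never used, so internal RDP (3389) does not match.
    """
    c2_ips = {ip for ip, _ in c2}
    hits: List[Hit] = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or unrelated line; skip rather than fail
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if (dst, dport) in c2:
            hits.append(Hit(src, dst, dport, EXACT))
        elif dst in c2_ips:
            hits.append(Hit(src, dst, dport, IP_ONLY))
    return hits


def infected_hosts(hits: List[Hit]) -> List[str]:
    """Sorted, de-duplicated list of internal sources that reached a C2 endpoint."""
    return sorted({h.src for h in hits})


if __name__ == "__main__":
    for h in match_c2(SAMPLE_LOGS):
        print(f"{h.src} -> {h.dst}:{h.dport}  [{h.reason}]")
    print("hosts to triage:", ", ".join(infected_hosts(match_c2(SAMPLE_LOGS))))
```

Denied connections (line 4 in the sample) are deliberately still reported: a blocked attempt to reach a C2 endpoint is evidence that the host is infected even though the beacon failed.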
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
Description: Key value queried
IOC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: 7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9.exe

Note that the only registry read recorded under this signature is the UAC policy value EnableLUA (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System), which tells the sample whether User Account Control is enabled; no read of an Uninstall subkey appears in the report, so the signature text is the sandbox's generic description rather than a summary of this specific event.