Analysis
- max time kernel: 137s
- max time network: 138s
- platform: windows10_x64
- resource: win10-en-20211014
- submitted: 19-11-2021 00:47
- Static task: static1
- Behavioral task: behavioral1
- Sample: 4d3dcbadf6f445272f29d6b6740f667a795eb868df091700068fb1019423a8ae.exe
- Resource: win7-en-20211104
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 4d3dcbadf6f445272f29d6b6740f667a795eb868df091700068fb1019423a8ae.exe
- Size: 1.1MB
- MD5: c4ce940c742ef7bda96af8a7bb87119c
- SHA1: a100a0f454c1a22784a721d559c57650df1846b3
- SHA256: 4d3dcbadf6f445272f29d6b6740f667a795eb868df091700068fb1019423a8ae
- SHA512: f1bae1a74c8b293c8957902fd13b18e7906db35aa850cee17f0b9d0526ca04fe70b23c424884912b4e6c38b049b3d09172b3ac728d603cd84627aecc1559da8e
Malware Config
Extracted
- Family: dridex
- Botnet: 10111
- C2:
  - 5.180.25.190:6225
  - 45.63.36.79:8194
  - 45.79.80.198:9676
- rc4.plain
- rc4.plain
Signatures
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
- 4d3dcbadf6f445272f29d6b6740f667a795eb868df091700068fb1019423a8ae.exe

description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 4d3dcbadf6f445272f29d6b6740f667a795eb868df091700068fb1019423a8ae.exe