Analysis
-
max time kernel
78s -
max time network
121s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
19-11-2021 18:37
General
-
Target
ab1b11895f9bf582a78ffedb98fb73f9.exe
-
Size
1.1MB
-
MD5
ab1b11895f9bf582a78ffedb98fb73f9
-
SHA1
e90aaac85fc3a4690c5f4831f0e6b2b96e294cd7
-
SHA256
dd31f209d69ff7e0580253cd7c5978b1d619f696f915a98de72c84446da8393a
-
SHA512
bd72b97f433dbb614102beb91458303ba22f54325ce5869330c1071a0cf91926bdb4207916195d9b1a853c0d41b58d0a616a34a254f2f517efcc9df1d20b8215
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10111
C2
5.189.150.29:9676
62.171.139.106:10172
216.177.137.53:8194
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab1b11895f9bf582a78ffedb98fb73f9.exe"C:\Users\Admin\AppData\Local\Temp\ab1b11895f9bf582a78ffedb98fb73f9.exe"1⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3992-118-0x0000000002240000-0x000000000227C000-memory.dmpFilesize
240KB
-
memory/3992-119-0x0000000000400000-0x0000000000510000-memory.dmpFilesize
1.1MB