Analysis
- max time kernel: 78s
- max time network: 121s
- platform: windows10_x64
- resource: win10-en-20211104
- submitted: 19-11-2021 18:37
Static task: static1
Behavioral task: behavioral1
- Sample: ab1b11895f9bf582a78ffedb98fb73f9.exe
- Resource: win7-en-20211014 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: ab1b11895f9bf582a78ffedb98fb73f9.exe
- Size: 1.1MB
- MD5: ab1b11895f9bf582a78ffedb98fb73f9
- SHA1: e90aaac85fc3a4690c5f4831f0e6b2b96e294cd7
- SHA256: dd31f209d69ff7e0580253cd7c5978b1d619f696f915a98de72c84446da8393a
- SHA512: bd72b97f433dbb614102beb91458303ba22f54325ce5869330c1071a0cf91926bdb4207916195d9b1a853c0d41b58d0a616a34a254f2f517efcc9df1d20b8215
Malware Config (Extracted)
- Family: dridex
- Botnet: 10111
- C2: 5.189.150.29:9676, 62.171.139.106:10172, 216.177.137.53:8194
- rc4.plain
- rc4.plain
Signatures
- Checks installed software on the system (1 TTPs): Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
- process: ab1b11895f9bf582a78ffedb98fb73f9.exe
  - description: Key value queried
  - ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  - process: ab1b11895f9bf582a78ffedb98fb73f9.exe