Analysis
Max time kernel: 134s
Max time network: 144s
Platform: windows7_x64
Resource: win7-en-20211104
Submitted: 01-12-2021 17:15
Static task: static1
Behavioral task: behavioral1
Sample: a56390598fe2114dd6972ebb75d961fa.exe
Resource: win7-en-20211104 (windows7_x64)
0 signatures, 0 seconds
General
Target: a56390598fe2114dd6972ebb75d961fa.exe
Size: 975KB
MD5: a56390598fe2114dd6972ebb75d961fa
SHA1: aa024218c3a03f719f6c6c40d8bc41ca12023285
SHA256: f4f87832676d8c9dee41457745ae435de84d96dc72c41bfc16e0162a8ef522a1
SHA512: d05442b1bf2acc82de3b2439aef3b19561e40ece3fe93b55bf613c0a5f9b496d690660ccd9ba00f19cf3247bca7f06a3d0cd7ae481eeb7a001c26553a4ad9371
Malware Config (Extracted)
Family: dridex
Botnet: 10111
C2:
  45.63.36.79:8194
  45.79.80.198:9676
  81.223.127.86:10172
rc4.plain
rc4.plain
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
  a56390598fe2114dd6972ebb75d961fa.exe
    description: Key value queried
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    process: a56390598fe2114dd6972ebb75d961fa.exe