Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
06-12-2021 06:33
General
-
Target
ada221efca37a367af3fd2737f631950.exe
-
Size
975KB
-
MD5
ada221efca37a367af3fd2737f631950
-
SHA1
947d791982e89ef034b41d15e623b83067bcfd97
-
SHA256
8fe046c2fb961ded114076c5dfcbd8459a82baad6fbad34c04a08b920ee6290a
-
SHA512
b70cc6f694a6a837651f81bed82dc2d698b6a0699f6483e347cb249c2fee6d495be29df845f05771c507f1b7230f744a21eef9c965d376f254d27593a3ee6b1b
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10111
C2
186.250.48.117:443
92.240.254.110:6602
81.223.127.86:10172
86.49.161.18:9043
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ada221efca37a367af3fd2737f631950.exe"C:\Users\Admin\AppData\Local\Temp\ada221efca37a367af3fd2737f631950.exe"1⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3584-118-0x0000000002270000-0x00000000022AC000-memory.dmpFilesize
240KB
-
memory/3584-119-0x0000000000400000-0x00000000004F6000-memory.dmpFilesize
984KB