Overview

overview

10

Static

static

d0rjc.exe

windows7_x64

10

d0rjc.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    11-12-2021 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0rjc.exe

  • Size

    979KB

  • MD5

    fa3e91dddc7922ad57f34081022db94f

  • SHA1

    0ef0e2183cfde4e56a256f4c72ad1817bbcdde93

  • SHA256

    0419a275a827ff47b1d0f921e8baa40367446f6c3c99e615526ea066c021c268

  • SHA512

    366e3e0436fbacc6ccefdd506bab98373019f585d363d4c5c047e956182cab8c06a5953c94c69fad9d5428ca555615d1243e76950e857ae3c18f298294e97b80

Score
10/10
dridex10111botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

160.16.102.168:443

180.214.246.226:7443

61.36.193.13:9043
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0rjc.exe
    "C:\Users\Admin\AppData\Local\Temp\d0rjc.exe"
    1⤵
    • Checks whether UAC is enabled
    PID:3420

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3420-119-0x0000000000400000-0x00000000004F8000-memory.dmp
    Filesize

    992KB

    Download
  • memory/3420-118-0x0000000000500000-0x000000000064A000-memory.dmp
    Filesize

    1.3MB

    Download