Analysis

Max time kernel: 149s
Max time network: 155s
Platform: windows10_x64
Resource: win10-en-20211208
Submitted: 11-12-2021 01:17
Static task: static1

Behavioral task: behavioral1
Sample: d0rjc.exe
Resource: win7-en-20211208 (windows7_x64)
Signatures: 0
Run time: 0 seconds
General

Target: d0rjc.exe
Size: 979KB
MD5: fa3e91dddc7922ad57f34081022db94f
SHA1: 0ef0e2183cfde4e56a256f4c72ad1817bbcdde93
SHA256: 0419a275a827ff47b1d0f921e8baa40367446f6c3c99e615526ea066c021c268
SHA512: 366e3e0436fbacc6ccefdd506bab98373019f585d363d4c5c047e956182cab8c06a5953c94c69fad9d5428ca555615d1243e76950e857ae3c18f298294e97b80
Malware Config (extracted)

Family: dridex
Botnet: 10111
C2:
  160.16.102.168:443
  180.214.246.226:7443
  61.36.193.13:9043
rc4.plain
rc4.plain
Signatures

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
description       | ioc                                                                                      | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | d0rjc.exe