Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Analysis

  • max time kernel
    105s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    13-03-2022 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6be49e632cae9dc45642743c5777a99e6949ba7617cd630b040821a86133281.exe

  • Size

    233KB

  • MD5

    6f6604ee86de5fc9d0100988aaa497eb

  • SHA1

    5cff464c38375f5abc66d4fa31cd1e2d0dcac8cb

  • SHA256

    b6be49e632cae9dc45642743c5777a99e6949ba7617cd630b040821a86133281

  • SHA512

    b33a0b4435e9c6714011fac7e30625bad99f3b267f59a5fa67678c455a6e069cab7c38b33b263f2b496af263e238c8dd69f55a8357898ffdca7dcd620d4c9368

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6be49e632cae9dc45642743c5777a99e6949ba7617cd630b040821a86133281.exe
    "C:\Users\Admin\AppData\Local\Temp\b6be49e632cae9dc45642743c5777a99e6949ba7617cd630b040821a86133281.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4196
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 488
      2⤵
      • Program crash
      PID:1240
  • C:\ProgramData\ggbxbd\uvabcbe.exe
    C:\ProgramData\ggbxbd\uvabcbe.exe start
    1⤵
    • Executes dropped EXE
    PID:4568
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4196 -ip 4196
    1⤵
      PID:3568

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\ggbxbd\uvabcbe.exe
      MD5

      6f6604ee86de5fc9d0100988aaa497eb

      SHA1

      5cff464c38375f5abc66d4fa31cd1e2d0dcac8cb

      SHA256

      b6be49e632cae9dc45642743c5777a99e6949ba7617cd630b040821a86133281

      SHA512

      b33a0b4435e9c6714011fac7e30625bad99f3b267f59a5fa67678c455a6e069cab7c38b33b263f2b496af263e238c8dd69f55a8357898ffdca7dcd620d4c9368

      Download Submit
    • C:\ProgramData\ggbxbd\uvabcbe.exe
      MD5

      6f6604ee86de5fc9d0100988aaa497eb

      SHA1

      5cff464c38375f5abc66d4fa31cd1e2d0dcac8cb

      SHA256

      b6be49e632cae9dc45642743c5777a99e6949ba7617cd630b040821a86133281

      SHA512

      b33a0b4435e9c6714011fac7e30625bad99f3b267f59a5fa67678c455a6e069cab7c38b33b263f2b496af263e238c8dd69f55a8357898ffdca7dcd620d4c9368

      Download Submit
    • memory/4196-135-0x0000000000470000-0x0000000000570000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4196-136-0x00000000021A0000-0x00000000021A9000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4196-137-0x0000000000400000-0x000000000046B000-memory.dmp
      Filesize

      428KB

      Download
    • memory/4568-140-0x000000000057D000-0x0000000000586000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4568-141-0x000000000057D000-0x0000000000586000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4568-142-0x00000000004E0000-0x00000000004E9000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4568-143-0x0000000000400000-0x000000000046B000-memory.dmp
      Filesize

      428KB

      Download