Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    132s
  • platform
    windows10_x64
  • resource
    win10-20220310-en
  • submitted
    14-03-2022 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df.exe

  • Size

    236KB

  • MD5

    e126cf941fd76348fadb6893b8c7d980

  • SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

  • SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

  • SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df.exe
    "C:\Users\Admin\AppData\Local\Temp\f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2228
  • C:\ProgramData\ewrcpub\khtmhbm.exe
    C:\ProgramData\ewrcpub\khtmhbm.exe start
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:2480
  • C:\Windows\TEMP\vlnit.exe
    C:\Windows\TEMP\vlnit.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:592
  • C:\ProgramData\jhodq\onjfau.exe
    C:\ProgramData\jhodq\onjfau.exe start
    1⤵
    • Executes dropped EXE
    PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\ewrcpub\khtmhbm.exe
    MD5

    e126cf941fd76348fadb6893b8c7d980

    SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

    SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

    SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

    Download Submit
  • C:\ProgramData\ewrcpub\khtmhbm.exe
    MD5

    e126cf941fd76348fadb6893b8c7d980

    SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

    SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

    SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

    Download Submit
  • C:\ProgramData\jhodq\onjfau.exe
    MD5

    e126cf941fd76348fadb6893b8c7d980

    SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

    SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

    SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

    Download Submit
  • C:\ProgramData\jhodq\onjfau.exe
    MD5

    e126cf941fd76348fadb6893b8c7d980

    SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

    SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

    SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

    Download Submit
  • C:\Windows\TEMP\vlnit.exe
    MD5

    e126cf941fd76348fadb6893b8c7d980

    SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

    SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

    SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

    Download Submit
  • C:\Windows\Tasks\khtmhbm.job
    MD5

    85f4120435b85fae1d588b6e2deb3a17

    SHA1

    2dbde36aaa3bebf02fe632cd5bd1e9d6780e5de4

    SHA256

    aeded3fc61d2ee168bc29b2c85a1b69477ad419d5ce3ca0952464ba11fb823c5

    SHA512

    2c7a6e9e6bbb1ddd8243df8e32c9efd7092d1b0e7a4c9b567ac7cc94ccc47703b5bd8de0adf08b7786aa4bcfb10b14d01ca046d56d3c809ff6c6c1db961dc45a

    Download Submit
  • C:\Windows\Temp\vlnit.exe
    MD5

    e126cf941fd76348fadb6893b8c7d980

    SHA1

    d2b408c77bfda79d853259b6d50566ddfd7211fe

    SHA256

    f151c634a6e355148da4d7bb69089a190ea20b18703f86159a9745d8dd8d37df

    SHA512

    bbc274582d11533e777703d816ff899cf19cbb677d36039cdbf7ea567ea5db0e95ee99e0bc15ebaf8b4d7d379344affebb0af658be89f965474bb17413e40899

    Download Submit
  • memory/592-132-0x0000000000470000-0x000000000051E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/592-134-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize

    432KB

    Download
  • memory/592-133-0x0000000000470000-0x000000000051E000-memory.dmp
    Filesize

    696KB

    Download
  • memory/1244-139-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize

    432KB

    Download
  • memory/1244-138-0x0000000000470000-0x00000000005BA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2228-118-0x000000000072D000-0x0000000000736000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2228-121-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize

    432KB

    Download
  • memory/2228-120-0x00000000005E0000-0x00000000005E9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2228-119-0x000000000072D000-0x0000000000736000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2480-124-0x0000000000727000-0x0000000000730000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2480-125-0x0000000000727000-0x0000000000730000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2480-127-0x0000000000400000-0x000000000046C000-memory.dmp
    Filesize

    432KB

    Download
  • memory/2480-126-0x0000000000560000-0x00000000006AA000-memory.dmp
    Filesize

    1.3MB

    Download