Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Analysis

  • max time kernel
    136s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    14-03-2022 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810.exe

  • Size

    237KB

  • MD5

    572eb88ef3e508c0556d55b4e7f649bd

  • SHA1

    a2251c07ea52e9886be15835d45eac41c24af78d

  • SHA256

    bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

  • SHA512

    8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 5 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810.exe
    "C:\Users\Admin\AppData\Local\Temp\bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3304
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 488
      2⤵
      • Program crash
      PID:4888
  • C:\ProgramData\xnqxgo\jxoa.exe
    C:\ProgramData\xnqxgo\jxoa.exe start
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:5108
  • C:\Windows\TEMP\ovwsnni.exe
    C:\Windows\TEMP\ovwsnni.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3656
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3304 -ip 3304
    1⤵
      PID:4304
    • C:\ProgramData\lqebma\ptmm.exe
      C:\ProgramData\lqebma\ptmm.exe start
      1⤵
      • Executes dropped EXE
      PID:956

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\lqebma\ptmm.exe
      MD5

      572eb88ef3e508c0556d55b4e7f649bd

      SHA1

      a2251c07ea52e9886be15835d45eac41c24af78d

      SHA256

      bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

      SHA512

      8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

      Download Submit
    • C:\ProgramData\lqebma\ptmm.exe
      MD5

      572eb88ef3e508c0556d55b4e7f649bd

      SHA1

      a2251c07ea52e9886be15835d45eac41c24af78d

      SHA256

      bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

      SHA512

      8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

      Download Submit
    • C:\ProgramData\xnqxgo\jxoa.exe
      MD5

      572eb88ef3e508c0556d55b4e7f649bd

      SHA1

      a2251c07ea52e9886be15835d45eac41c24af78d

      SHA256

      bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

      SHA512

      8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

      Download Submit
    • C:\ProgramData\xnqxgo\jxoa.exe
      MD5

      572eb88ef3e508c0556d55b4e7f649bd

      SHA1

      a2251c07ea52e9886be15835d45eac41c24af78d

      SHA256

      bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

      SHA512

      8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

      Download Submit
    • C:\Windows\TEMP\ovwsnni.exe
      MD5

      572eb88ef3e508c0556d55b4e7f649bd

      SHA1

      a2251c07ea52e9886be15835d45eac41c24af78d

      SHA256

      bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

      SHA512

      8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

      Download Submit
    • C:\Windows\Tasks\jxoa.job
      MD5

      f98abe295fa4cb5480350c740486c014

      SHA1

      3820781eaeaa6688eba9a8905bbb85916e73cac6

      SHA256

      ecdb6de89773db1b0543e6476c60302b1f2062b092544cdbd44f0b5fbb563bbd

      SHA512

      430bb472ad76ec6f18a2ba4179597d147ed23b80291e5fbbbb1da86856f19603f9cb90a93b68c942dee339cd11aac4211c2596f330117c310e7a892eaa3eb62f

      Download Submit
    • C:\Windows\Temp\ovwsnni.exe
      MD5

      572eb88ef3e508c0556d55b4e7f649bd

      SHA1

      a2251c07ea52e9886be15835d45eac41c24af78d

      SHA256

      bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

      SHA512

      8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

      Download Submit
    • memory/956-152-0x000000000049B000-0x00000000004A4000-memory.dmp
      Filesize

      36KB

      Download
    • memory/956-154-0x0000000000400000-0x000000000046C000-memory.dmp
      Filesize

      432KB

      Download
    • memory/956-153-0x000000000049B000-0x00000000004A4000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3304-137-0x0000000000400000-0x000000000046C000-memory.dmp
      Filesize

      432KB

      Download
    • memory/3304-136-0x0000000000600000-0x0000000000609000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3304-135-0x000000000063E000-0x0000000000647000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3304-134-0x000000000063E000-0x0000000000647000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3656-146-0x00000000004CA000-0x00000000004D3000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3656-148-0x00000000004CA000-0x00000000004D3000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3656-149-0x0000000000400000-0x000000000046C000-memory.dmp
      Filesize

      432KB

      Download
    • memory/5108-140-0x00000000007DB000-0x00000000007E4000-memory.dmp
      Filesize

      36KB

      Download
    • memory/5108-141-0x00000000007DB000-0x00000000007E4000-memory.dmp
      Filesize

      36KB

      Download
    • memory/5108-143-0x0000000000400000-0x000000000046C000-memory.dmp
      Filesize

      432KB

      Download
    • memory/5108-142-0x00000000005B0000-0x00000000005B9000-memory.dmp
      Filesize

      36KB

      Download