Analysis
max time kernel: 4294181s
max time network: 126s
platform: windows7_x64
resource: win7-20220310-en
submitted: 17-03-2022 18:22

Static task: static1
Behavioral task: behavioral1
Sample: a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af.exe
Resource: win7-20220310-en
Platform: windows7_x64
0 signatures
0 seconds
General
Target: a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af.exe
Size: 747KB
MD5: af31b669e8e8d7c42a12c4bac085e6a7
SHA1: f2c88e9e0839ad63d8d20cc4e0cd7d7711e927c4
SHA256: a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af
SHA512: 8d884ee491fbd05592b5a161692a066b0688caa0f23d3789398fe7bf80e65be29e662ffac002103d4de684afb923ba12a7247f54e41828deed78f0d7f97d536d
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
51.254.163.104:1688
142.4.6.57:14043
195.159.28.230:4443
64.225.35.35:3098
rc4.plain
rc4.plain
Signatures

DridexLoader (1 IoCs)
Processes:
resource: behavioral1/memory/1564-56-0x0000000000400000-0x00000000004BE000-memory.dmp
yara_rule: DridexLoader

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
pid: 1564
process: a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af.exe
Processes
C:\Users\Admin\AppData\Local\Temp\a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a0536058320c509f5eb8d2508be328253c721a6f53e88e3bb5fcfecb768fc6af.exe"
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam