Analysis

Max time kernel: 142s
Max time network: 172s
Platform: windows10-2004_x64
Resource: win10v2004-20220310-en
Submitted: 20-03-2022 05:49

Static task: static1

Behavioral task: behavioral1
Sample: 6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c.exe
Resource: win7-20220310-en
Platform: windows7_x64
0 signatures
0 seconds

General

Target: 6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c.exe
Size: 747KB
MD5: 49b76b47a36c0ecc8d27aba0903f8f94
SHA1: 4c2991e37245fd23dc40e02974e08be07a1f4767
SHA256: 6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c
SHA512: a56072231fda417a16b99a1ccaec486f67e0ef1da8a3b8efabd49c88b4eab384bcf1fa23e02fe1f91da925103bfabc7e7d07ebb20b27730d19411f50a7ad9f2b

Malware Config

Extracted
Family: dridex
Botnet: 10111
C2:
  51.254.163.104:1688
  142.4.6.57:14043
  195.159.28.230:4443
  64.225.35.35:3098
rc4.plain
rc4.plain

Signatures

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
  Description: Key value queried
  IoC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  Process: 6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
  PID: 3504
  Process: 6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\6892216c058be384f29e90bed5ed565ba874fccbcf5a2cb7117ff4d76299a53c.exe"
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam