Overview

overview

10

Static

static

ceec2d7752...4b.dll

windows7_x64

10

ceec2d7752...4b.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    4294178s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    24-03-2022 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll

  • Size

    355KB

  • MD5

    821e56271da5d7ab18c6eb49cb14abf5

  • SHA1

    be56ac4b532620d9b3ec88c9b2530de0a6499d6a

  • SHA256

    ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b

  • SHA512

    79b2325efe8ad9e24e0f22ede0d824367986caf3133df86be86b89d39c8d4cd3811bc3ee0cca8746ceeea5c3c790b192be0cab7b2d9b005444f6756df97111f5

Score
10/10
dridex10555botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10555

C2

175.126.167.148:443

173.249.20.233:8043

162.241.204.233:4443

138.122.143.40:8043
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:288
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Checks whether UAC is enabled
      PID:1752

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1752-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1752-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1752-56-0x0000000000130000-0x000000000016D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/1752-57-0x0000000000270000-0x00000000002AD000-memory.dmp
    Filesize

    244KB

    Download