Analysis

  • max time kernel: 4294183s
  • max time network: 134s
  • platform: windows7_x64
  • resource: win7-20220311-en
  • submitted: 26-03-2022 01:51

General

  • Target: d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3.dll
  • Size: 355KB
  • MD5: f45d3e9f068eed28b41490774a7857e7
  • SHA1: d071a9ff48a7172081c3f89d0d5ae4016a523cf9
  • SHA256: d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3
  • SHA512: 3f005cada6a051500688164ff1f5c5b6043b5e402fbb969d7993f75b89ac26a55fa7bc0c9c60f0a077b9d7bade38b8d12e77529566acb3267cc69b64880d0f19

Malware Config

Extracted

  • Family: dridex
  • Botnet: 10555
  • C2:
    175.126.167.148:443
    173.249.20.233:8043
    162.241.204.233:4443
    138.122.143.40:8043
  • rc4.plain

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Blocklisted process makes network request (2 IoCs)
  • Checks installed software on the system (1 TTPs)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe (PID: 1836)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID: 2016)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d94bbc62b2f345d98c2b69c6173a51e59e6e6d9581e5e6d51f46d35d8f3998c3.dll,#1
      • Blocklisted process makes network request
      • Checks whether UAC is enabled

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (1): T1012
    • System Information Discovery (1): T1082

Downloads

  • memory/2016-54-0x0000000000000000-mapping.dmp
  • memory/2016-55-0x0000000075801000-0x0000000075803000-memory.dmp (Filesize: 8KB)
  • memory/2016-56-0x00000000001E0000-0x000000000021D000-memory.dmp (Filesize: 244KB)
  • memory/2016-57-0x00000000007B0000-0x00000000007ED000-memory.dmp (Filesize: 244KB)