Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10_x64
  • resource
    win10-20220223-en
  • submitted
    26-03-2022 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292.exe

  • Size

    224KB

  • MD5

    1a90b941b51ff18ea75347b05ed93fcf

  • SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

  • SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

  • SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata
  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata
  • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292.exe
    "C:\Users\Admin\AppData\Local\Temp\e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1620
  • C:\ProgramData\wotpqgn\qogoo.exe
    C:\ProgramData\wotpqgn\qogoo.exe start
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:3924
  • C:\Windows\TEMP\lvkb.exe
    C:\Windows\TEMP\lvkb.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4044
  • C:\ProgramData\wlxaf\cofaxrm.exe
    C:\ProgramData\wlxaf\cofaxrm.exe start
    1⤵
    • Executes dropped EXE
    PID:3788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\wlxaf\cofaxrm.exe
    MD5

    1a90b941b51ff18ea75347b05ed93fcf

    SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

    SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

    SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

    Download Submit

  • C:\ProgramData\wlxaf\cofaxrm.exe
    MD5

    1a90b941b51ff18ea75347b05ed93fcf

    SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

    SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

    SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

    Download Submit

  • C:\ProgramData\wotpqgn\qogoo.exe
    MD5

    1a90b941b51ff18ea75347b05ed93fcf

    SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

    SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

    SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

    Download Submit

  • C:\ProgramData\wotpqgn\qogoo.exe
    MD5

    1a90b941b51ff18ea75347b05ed93fcf

    SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

    SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

    SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

    Download Submit

  • C:\Windows\TEMP\lvkb.exe
    MD5

    1a90b941b51ff18ea75347b05ed93fcf

    SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

    SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

    SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

    Download Submit

  • C:\Windows\Tasks\qogoo.job
    MD5

    294cd165a521aec8c025599859798be4

    SHA1

    2221803c7ba344b530be3f63481ca21ee216f727

    SHA256

    08755c0b0a348c92ed1e60c9f744718c2c9c4f945652d1c3442f30bc83de49d1

    SHA512

    d58eca4077a037a873fdec1498e0d5b37b69873a1cc2a699eb06f88ff22c9e9826eb09c5700627641919f75e1673ef5319bfec824a217f5457a7c7dd502c9802

    Download Submit

  • C:\Windows\Temp\lvkb.exe
    MD5

    1a90b941b51ff18ea75347b05ed93fcf

    SHA1

    e66241d516815618e517a40fda6685bac9d6c36f

    SHA256

    e0a7a8197faff39623a3acf0f7d50d13db0b1bb3f6d45da634146fb9ecfa1292

    SHA512

    686dce0f08625ef9b718eb964e464d01e896148b961e7734b0dec3678a84b58fc82e50ac7c6c8dfa6e70103a78cc7222f74408dcd3d939b02a1bb813619a57d4

    Download Submit

  • memory/1620-114-0x0000000000627000-0x0000000000630000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1620-117-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1620-116-0x00000000001E0000-0x00000000001E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1620-115-0x0000000000627000-0x0000000000630000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3788-133-0x00000000005D0000-0x000000000071A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3788-134-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/3924-122-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/3924-121-0x0000000000500000-0x00000000005AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4044-125-0x00000000007F2000-0x00000000007FB000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4044-127-0x00000000007F2000-0x00000000007FB000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4044-128-0x0000000000480000-0x00000000005CA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4044-129-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download