Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    156s
  • max time network
    159s
  • platform
    windows10_x64
  • resource
    win10-20220223-en
  • submitted
    27-03-2022 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f.exe

  • Size

    272KB

  • MD5

    b2010ae2cfef6f0553b00a0ec371ef86

  • SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

  • SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

  • SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f.exe
    "C:\Users\Admin\AppData\Local\Temp\080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4016
  • C:\ProgramData\caaw\rlfewpn.exe
    C:\ProgramData\caaw\rlfewpn.exe start
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:3900
  • C:\Windows\TEMP\ppcaca.exe
    C:\Windows\TEMP\ppcaca.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1512
  • C:\ProgramData\ellrfdh\hejel.exe
    C:\ProgramData\ellrfdh\hejel.exe start
    1⤵
    • Executes dropped EXE
    PID:3792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\caaw\rlfewpn.exe
    Filesize

    272KB

    MD5

    b2010ae2cfef6f0553b00a0ec371ef86

    SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

    SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

    SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

    Download Submit
  • C:\ProgramData\caaw\rlfewpn.exe
    Filesize

    272KB

    MD5

    b2010ae2cfef6f0553b00a0ec371ef86

    SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

    SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

    SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

    Download Submit
  • C:\ProgramData\ellrfdh\hejel.exe
    Filesize

    272KB

    MD5

    b2010ae2cfef6f0553b00a0ec371ef86

    SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

    SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

    SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

    Download Submit
  • C:\ProgramData\ellrfdh\hejel.exe
    Filesize

    272KB

    MD5

    b2010ae2cfef6f0553b00a0ec371ef86

    SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

    SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

    SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

    Download Submit
  • C:\Windows\TEMP\ppcaca.exe
    Filesize

    272KB

    MD5

    b2010ae2cfef6f0553b00a0ec371ef86

    SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

    SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

    SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

    Download Submit
  • C:\Windows\Tasks\rlfewpn.job
    Filesize

    248B

    MD5

    f1c249448040e3b48c1ed151e16a9c95

    SHA1

    132d32426c5b62106237e77b3e1e9b4b31c321ce

    SHA256

    359e5102abbb1c0bd5e130dc46002566a1caec3adb8606fc34e436d54d9057ec

    SHA512

    40bdd5013835cf0579ec5a58472d1193b5fd480f4473c47316e8b93c78bb6bbd408a2dc1c138ba95a2d208df5657c047539cff0ffdad16a49a51ade16ec74dcd

    Download Submit
  • C:\Windows\Temp\ppcaca.exe
    Filesize

    272KB

    MD5

    b2010ae2cfef6f0553b00a0ec371ef86

    SHA1

    c83a32f4bada2d0faf80a661db17e38539ea29fa

    SHA256

    080531b53daabd584297b11f5bccb8fbe86854e2cb8333415c0338b1493f450f

    SHA512

    845c7c9b8a8afce3a0ef1179e500810d623e7aa5fa00ab5d54f2af9277622e58f469c108cceb39e9ed872b10f7e19832c30e5ab6aedb7aed510745fb0291e05b

    Download Submit
  • memory/1512-126-0x00000000007D2000-0x00000000007DB000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1512-128-0x00000000007D2000-0x00000000007DB000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1512-129-0x0000000000490000-0x00000000005DA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1512-130-0x0000000000400000-0x0000000000487000-memory.dmp
    Filesize

    540KB

    Download
  • memory/3900-121-0x0000000000752000-0x000000000075B000-memory.dmp
    Filesize

    36KB

    Download
  • memory/3900-122-0x0000000000490000-0x00000000005DA000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/3900-123-0x0000000000400000-0x0000000000487000-memory.dmp
    Filesize

    540KB

    Download
  • memory/3900-120-0x0000000000752000-0x000000000075B000-memory.dmp
    Filesize

    36KB

    Download
  • memory/4016-115-0x0000000000530000-0x000000000067A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/4016-117-0x0000000000400000-0x0000000000487000-memory.dmp
    Filesize

    540KB

    Download
  • memory/4016-116-0x00000000004E0000-0x00000000004E9000-memory.dmp
    Filesize

    36KB

    Download