Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-20220310-en
  • submitted
    28-03-2022 09:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe

  • Size

    252KB

  • MD5

    59a15965f9e82e82701608b209dbb06f

  • SHA1

    fbb260b648820e0a64e90aa638ba4563254d85f8

  • SHA256

    79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4

  • SHA512

    5758be4efd35d9e609539d8f490b1aada685c6d1d5359b936246e2e2b90e96c4692aac2f7d5a2feaa3f181edadc19664c151ad18434c5299ce65f8c42e8b190c

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata
  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata
  • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
    "C:\Users\Admin\AppData\Local\Temp\79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1536
  • C:\ProgramData\cnuaeef\iputaek.exe
    C:\ProgramData\cnuaeef\iputaek.exe start
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\cnuaeef\iputaek.exe
    Filesize

    252KB

    MD5

    59a15965f9e82e82701608b209dbb06f

    SHA1

    fbb260b648820e0a64e90aa638ba4563254d85f8

    SHA256

    79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4

    SHA512

    5758be4efd35d9e609539d8f490b1aada685c6d1d5359b936246e2e2b90e96c4692aac2f7d5a2feaa3f181edadc19664c151ad18434c5299ce65f8c42e8b190c

    Download Submit
  • C:\ProgramData\cnuaeef\iputaek.exe
    Filesize

    252KB

    MD5

    59a15965f9e82e82701608b209dbb06f

    SHA1

    fbb260b648820e0a64e90aa638ba4563254d85f8

    SHA256

    79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4

    SHA512

    5758be4efd35d9e609539d8f490b1aada685c6d1d5359b936246e2e2b90e96c4692aac2f7d5a2feaa3f181edadc19664c151ad18434c5299ce65f8c42e8b190c

    Download Submit
  • memory/1536-118-0x0000000000766000-0x0000000000776000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1536-119-0x0000000000766000-0x0000000000776000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1536-120-0x00000000005D0000-0x00000000005D9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1536-121-0x0000000000400000-0x000000000046A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/1876-125-0x0000000000510000-0x000000000065A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1876-126-0x00000000004C0000-0x00000000004C9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1876-127-0x0000000000400000-0x000000000046A000-memory.dmp
    Filesize

    424KB

    Download