Resubmissions
13-05-2022 06:14
220513-gzaqnscgb9 10Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
13-05-2022 06:14
General
-
Target
04690a6fb91bce90cf1cb0508b80c9eaebdf587515ced649c88005992369107a.exe
-
Size
1.2MB
-
MD5
7873656c7b07aa7b0123fff8f886cb5a
-
SHA1
f4c3c985742803e34a64a468217fcc577d1f94ae
-
SHA256
04690a6fb91bce90cf1cb0508b80c9eaebdf587515ced649c88005992369107a
-
SHA512
02335e1c0d1a6bf125caaa46602a35bcce523c4e41ab31bcb1dec1b42d1ccd754b782b382b7c3dab0abfea49b68a880ad5bc74d2b42510457688828dbbb159cc
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10111
C2
77.220.64.135:443
153.126.165.175:6601
210.65.244.183:8443
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04690a6fb91bce90cf1cb0508b80c9eaebdf587515ced649c88005992369107a.exe"C:\Users\Admin\AppData\Local\Temp\04690a6fb91bce90cf1cb0508b80c9eaebdf587515ced649c88005992369107a.exe"1⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/868-130-0x0000000002270000-0x00000000022AC000-memory.dmpFilesize
240KB
-
memory/868-131-0x0000000000400000-0x0000000000530000-memory.dmpFilesize
1.2MB