Analysis
max time kernel: 38s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 18-05-2022 11:21
Behavioral task: behavioral1
Sample: f3139a06196fe2ec60feabd04ff1d3081ba0f6d53bb75c489825cd80ecb3b4a6.exe
Resource: win7-20220414-en
Platform: windows7_x64
Signatures: 0
Time: 0 seconds
General
Target: f3139a06196fe2ec60feabd04ff1d3081ba0f6d53bb75c489825cd80ecb3b4a6.exe
Size: 1.3MB
MD5: 6ee2138d5467da398e02afe2baea9fbe
SHA1: 92967cecaa82522251a0d270f35aac1e27aaea69
SHA256: f3139a06196fe2ec60feabd04ff1d3081ba0f6d53bb75c489825cd80ecb3b4a6
SHA512: ea3e55a72610d248c4e67285c179d1c3bf519e40e81a7b39e80118e4a25aaeb87e8e857e786c5cad35bf07e46ccd3746c9cf5fd0546fddb7d73a6eb3fc281fe5
Malware Config (Extracted)
Family: dridex
Botnet: 10111
C2:
51.68.224.245:4646
188.165.17.91:8443
173.255.246.77:691
rc4.plain
Signatures
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes: f3139a06196fe2ec60feabd04ff1d3081ba0f6d53bb75c489825cd80ecb3b4a6.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: f3139a06196fe2ec60feabd04ff1d3081ba0f6d53bb75c489825cd80ecb3b4a6.exe