Analysis
-
max time kernel
66s -
max time network
99s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
11-06-2022 16:47
General
-
Target
m2st428.dll
-
Size
1.0MB
-
MD5
707a7a0945a99cbe9c542566c79ca006
-
SHA1
fcc6984d14ca28719c514f71c12aa77dde9fe4b3
-
SHA256
7f40daf140f16c6a6d70eee101a08640b0f301a8c224fdac5254b5b71e62eb8d
-
SHA512
61144cf4602f78aefc137bf9d8ae7002c784d22bc9ad5b8a0449c8e5ac83b158d0d2e6bbb56114a8d61f1b2a37919946a361e49d5a6fc18078bb78ce2ed8a41a
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\m2st428.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\m2st428.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1984-54-0x0000000000000000-mapping.dmp
-
memory/1984-55-0x0000000075BF1000-0x0000000075BF3000-memory.dmpFilesize
8KB
-
memory/1984-56-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB
-
memory/1984-58-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB
-
memory/1984-57-0x00000000752A0000-0x00000000752DD000-memory.dmpFilesize
244KB
-
memory/1984-60-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB
-
memory/1984-61-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB