Analysis

max time kernel: 144s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 11-06-2022 16:56

Static task: static1

Behavioral task: behavioral1
Sample: raw0rbp9s.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
General

Target: raw0rbp9s.dll
Size: 311KB
MD5: af7dde49c27f97cd77b03a8ace70beea
SHA1: daafa2be3a79192b311774db9bc7123a6040825f
SHA256: 163fe3e1545012147aeca9c14a90a0d7f52f624f664d8365052657a76fc481a4
SHA512: 52700a5fc9b93bc65a78d64c3ab50fcc0cdbd3c87a12679eb1fdf912ff1bdfa6a3a5942a4b1e58cecd928154383fc07831bb67ff6e35d753a279210f60c64633
Malware Config

Extracted
Family: dridex
Botnet: 10444
C2:
  77.220.64.37:443
  80.86.91.27:3308
  5.100.228.233:3389
  46.105.131.65:1512
rc4.plain
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                        pid   process       target process  PID
PID 1752 wrote to memory of 2136   1752  rundll32.exe  rundll32.exe
PID 1752 wrote to memory of 2136   1752  rundll32.exe  rundll32.exe
PID 1752 wrote to memory of 2136   1752  rundll32.exe  rundll32.exe