Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-06-2022 10:08

General

  • Target

    b7fa9d5cf083e7d6a5dc77d4a09fcb486c9c19f118fc0409233289e760e793d2.exe

  • Size

    192KB

  • MD5

    ec3c5423e7a02686875346bd2a61f183

  • SHA1

    eecee8b3ecce7d08ff05cde1324a8bda20bea3a5

  • SHA256

    b7fa9d5cf083e7d6a5dc77d4a09fcb486c9c19f118fc0409233289e760e793d2

  • SHA512

    7722d75c0594211bb09204eca4e6cd0bb48ca141224ac7e892290cacee5f2425fcc5da4793bc4891dd2fde7c1a220b23fae652f128e518210007c7d787c72a88

Score
10/10

Malware Config

Extracted

Family

dridex

C2

104.236.91.125:443

217.149.241.121:3389

198.23.146.216:8443

206.189.112.148:691

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7fa9d5cf083e7d6a5dc77d4a09fcb486c9c19f118fc0409233289e760e793d2.exe
    "C:\Users\Admin\AppData\Local\Temp\b7fa9d5cf083e7d6a5dc77d4a09fcb486c9c19f118fc0409233289e760e793d2.exe"
    1⤵
      PID:388

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/388-54-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

    • memory/388-57-0x0000000000240000-0x0000000000246000-memory.dmp

      Filesize

      24KB