Analysis
-
max time kernel
51s -
max time network
89s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
26-06-2022 06:17
General
-
Target
xkmjs35.dll
-
Size
1.0MB
-
MD5
e25df6542aee785f8c1d836895c31f12
-
SHA1
8ede993ca03d023514bdb83488a8a495ccc3524b
-
SHA256
2a6ab44c7c050efc9a9e8123e6865d6f7fefd6c9eb8f74c0815561faeaa51c6b
-
SHA512
0380c78eb09e421cc2d72c4b962d8376f1272a8d326340693c820dd814cea978c4bd4e8c50e4dea6d556c5f19af3279c38554dbd9813f96f391ac51a95d25b42
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\xkmjs35.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\xkmjs35.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1868-54-0x0000000000000000-mapping.dmp
-
memory/1868-55-0x0000000076851000-0x0000000076853000-memory.dmpFilesize
8KB
-
memory/1868-56-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB
-
memory/1868-57-0x00000000752A0000-0x00000000752DD000-memory.dmpFilesize
244KB
-
memory/1868-59-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB
-
memory/1868-61-0x00000000752A0000-0x00000000753BB000-memory.dmpFilesize
1.1MB