Analysis
-
max time kernel
43s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
26-06-2022 05:35
General
-
Target
h0pr8ad8y.dll
-
Size
1.0MB
-
MD5
e89d3eb135ec079aeede207b2f096014
-
SHA1
9278bb8b1d6e5fc2e509d3efacb2efe77a4ec93f
-
SHA256
a6165037e61807f6eb845bf9fae546bb9290685335c0ed50e6102ca9857e5fe9
-
SHA512
666a13c7eadb52d43410791fb46ea92fe017d416f8347ed3c749a95ca257b43dd251bf12705b45287e8fc52979d8e54569d97d98a670ae46ca9201eb5e29c239
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\h0pr8ad8y.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\h0pr8ad8y.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/872-54-0x0000000000000000-mapping.dmp
-
memory/872-55-0x00000000763E1000-0x00000000763E3000-memory.dmpFilesize
8KB
-
memory/872-56-0x0000000074900000-0x0000000074A1B000-memory.dmpFilesize
1.1MB
-
memory/872-57-0x0000000074900000-0x000000007493D000-memory.dmpFilesize
244KB
-
memory/872-58-0x0000000074900000-0x0000000074A1B000-memory.dmpFilesize
1.1MB
-
memory/872-60-0x0000000074900000-0x0000000074A1B000-memory.dmpFilesize
1.1MB
-
memory/872-61-0x0000000074900000-0x0000000074A1B000-memory.dmpFilesize
1.1MB