Overview

overview

10

Static

static

h0pr8ad8y.dll

windows7_x64

10

h0pr8ad8y.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    26-06-2022 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    h0pr8ad8y.dll

  • Size

    1.0MB

  • MD5

    e89d3eb135ec079aeede207b2f096014

  • SHA1

    9278bb8b1d6e5fc2e509d3efacb2efe77a4ec93f

  • SHA256

    a6165037e61807f6eb845bf9fae546bb9290685335c0ed50e6102ca9857e5fe9

  • SHA512

    666a13c7eadb52d43410791fb46ea92fe017d416f8347ed3c749a95ca257b43dd251bf12705b45287e8fc52979d8e54569d97d98a670ae46ca9201eb5e29c239

Score
10/10
dridex10444botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\h0pr8ad8y.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\h0pr8ad8y.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Checks whether UAC is enabled
      PID:872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/872-54-0x0000000000000000-mapping.dmp

    Download

  • memory/872-55-0x00000000763E1000-0x00000000763E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/872-56-0x0000000074900000-0x0000000074A1B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/872-57-0x0000000074900000-0x000000007493D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/872-58-0x0000000074900000-0x0000000074A1B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/872-60-0x0000000074900000-0x0000000074A1B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/872-61-0x0000000074900000-0x0000000074A1B000-memory.dmp

    Filesize

    1.1MB

    Download