Overview

overview

10

Static

static

rc62n0.dll

windows7_x64

10

rc62n0.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    184s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    26-06-2022 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rc62n0.dll

  • Size

    500KB

  • MD5

    06888708e24aa2bad5f12b668063e0d8

  • SHA1

    ccdd7e12587ce16013fe5cbf5b3ac7ba9c7bd910

  • SHA256

    83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410

  • SHA512

    12a2306584678b9d39211945e162cc6af2ee12d6a82fec9e743f86f3d4b849086f50bd834dbc9cbb770d3ff0ec0aee027e63e67353552690bbb896c3cb57f1e2

Score
10/10
dridex10444botnet

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\rc62n0.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\rc62n0.dll
      2⤵
        PID:1452

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1452-130-0x0000000000000000-mapping.dmp

      Download

    • memory/1452-131-0x0000000010000000-0x000000001003D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1452-133-0x0000000010000000-0x0000000010092000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1452-135-0x0000000010000000-0x0000000010092000-memory.dmp

      Filesize

      584KB

      Download