Analysis
  max time kernel:  186s
  max time network: 193s
  platform:         windows10-2004_x64
  resource:         win10v2004-20220414-en
  submitted:        08-07-2022 07:48
Behavioral task: behavioral1
  Sample:     b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6.exe
  Resource:   win7-20220414-en
  Platform:   windows7_x64
  Signatures: 0
  Duration:   0 seconds
General
  Target: b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6.exe
  Size:   1.6MB
  MD5:    372dc041ce307882399cf03a4a3ec882
  SHA1:   8443ae12e21abdbd21e1d1406fbd8cede146390e
  SHA256: b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6
  SHA512: f9b6c9c9a0d8c57d1d6a54c3c9e300aac3203ddfff00d6bead7b3fa402881686ea51db727b3bd3c3384893628d71273ebbf0416f6e8c5f11d81f24e37ad9f869
Malware Config (Extracted)
  Family: dridex
  Botnet: 10111
  C2:
    81.169.224.222:3389
    62.75.168.106:3886
    82.165.152.127:3389
  rc4.plain
Signatures
  Checks installed software on the system (1 TTP)
    Looks up Uninstall key entries in the registry to enumerate software on the system.

  Processes:
    description        ioc                                                                                     process
    Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  b06759c84016072b3f0192cdc095305af42bd1afa40353a4220413dc082825b6.exe