Analysis
-
max time kernel
112s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
12-07-2022 03:15
General
-
Target
8270f037f4d4365f56382c60c6aff8689a4802e8.exe
-
Size
87KB
-
MD5
269d3560e5410398f1d6a16eedac6f18
-
SHA1
8270f037f4d4365f56382c60c6aff8689a4802e8
-
SHA256
9c2334f02ba3d78293b210167cb36daa503ad5b1cd25d03574a076888b29e66a
-
SHA512
9c9f8d66b3ae1265a09c50072afa781a885a857c81c87d88a097c2c319117e74dfc737a03b7851461b35b0415aa598358cfabaf928009dc0f9510147e4ea6435
Score
10/10
Malware Config
Extracted
Family
dridex
C2
46.105.131.67:443
67.207.148.158:443
184.106.153.73:443
208.78.100.202:1801
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8270f037f4d4365f56382c60c6aff8689a4802e8.exe"C:\Users\Admin\AppData\Local\Temp\8270f037f4d4365f56382c60c6aff8689a4802e8.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\raserver.exeC:\Windows\SysWOW64\raserver.exe "C:\Users\Admin\AppData\Local\Temp\8270f037f4d4365f56382c60c6aff8689a4802e8.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/5084-130-0x0000000000000000-mapping.dmp
-
memory/5084-131-0x0000000000760000-0x0000000000779000-memory.dmpFilesize
100KB
-
memory/5084-133-0x0000000000760000-0x0000000000779000-memory.dmpFilesize
100KB
-
memory/5084-132-0x0000000000760000-0x0000000000779000-memory.dmpFilesize
100KB