Analysis
max time kernel: 113s
max time network: 114s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-09-2022 10:55
Static task: static1
Behavioral task: behavioral1
Sample: ofivo.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures, 120 seconds
General
Target: ofivo.exe
Size: 1.1MB
MD5: cae374e808266d76644b76dc4de9cd7f
SHA1: 654c9b47636a3bbdf658786ea970d4ff5576734c
SHA256: aed13a2cc773d5e7d2a5dec2739328d12a1b3be21bee6a609fca1e9aba30c280
SHA512: 027cf8ce307fef440a2f55cffcb3027774460414c3f5ddbc7f2c1392842e935edadb9ce319461ede64bb48cfeea5a5ade72cad8bc99879ee6237a151d694e276
SSDEEP: 6144:P28+8EYDtVGk9SAb276xn0Ncbgm8jP4VBJwMO0Ho5:P2qJVtsAuwn8wWuJO0I5
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
131.100.24.230:443
188.165.17.91:8443
119.59.125.140:8172
rc4.plain
rc4.plain
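The file hashes in the General section and the C2 endpoints in the extracted Dridex config are the indicators a responder actually consumes from this report. The following script is an added example, not part of the sandbox report or of any vendor tooling: it copies the report's MD5/SHA1/SHA256 and C2 list into lookup sets, hashes a file buffer the same way the report does, and sweeps firewall log lines for the C2 endpoints. The log format (`dst=ip:port` fields) and the log lines themselves are constructed for the example; the placeholder file bytes are not the sample.

```python
import hashlib
import re

# Indicators copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "cae374e808266d76644b76dc4de9cd7f",
    "sha1": "654c9b47636a3bbdf658786ea970d4ff5576734c",
    "sha256": "aed13a2cc773d5e7d2a5dec2739328d12a1b3be21bee6a609fca1e9aba30c280",
}
C2_ENDPOINTS = {
    ("131.100.24.230", 443),
    ("188.165.17.91", 8443),
    ("119.59.125.140", 8172),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed firewall log lines for the walkthrough; they are not from the report.
# Line 3 deliberately contacts a listed C2 host on a port the report does not list.
SAMPLE_LOG = """\
2022-09-09T10:57:01Z src=10.0.0.14:49811 dst=131.100.24.230:443 proto=tcp bytes=5120
2022-09-09T10:57:03Z src=10.0.0.14:49812 dst=142.250.74.100:443 proto=tcp bytes=9842
2022-09-09T10:57:09Z src=10.0.0.14:49815 dst=188.165.17.91:443 proto=tcp bytes=120
2022-09-09T10:57:12Z src=10.0.0.14:49819 dst=119.59.125.140:8172 proto=tcp bytes=3071
"""

# Assumed log field layout: "dst=<ipv4>:<port>" somewhere on the line.
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes, the fields the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only when all three digests agree with the report.

    SHA256 alone would suffice; comparing all three is cheap and catches a
    transcription error in any single field of the report.
    """
    return file_hashes(data) == SAMPLE_HASHES


def find_c2_hits(log_text: str) -> list:
    """Scan log lines for the report's C2 endpoints.

    An exact ip:port match is tagged 'exact'. A match on the IP alone is still
    returned, tagged 'ip-only', because a listed C2 host contacted on an
    unlisted port deserves triage rather than silent suppression.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if (ip, port) in C2_ENDPOINTS:
            hits.append({"line": lineno, "ip": ip, "port": port, "match": "exact"})
        elif ip in C2_IPS:
            hits.append({"line": lineno, "ip": ip, "port": port, "match": "ip-only"})
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']}:{hit['port']} ({hit['match']})")
    # Placeholder bytes, not the real sample, so this prints False.
    print("bytes match reported sample:", is_reported_sample(b"not the real sample"))
```

To run it against real data, read the suspect file with `open(path, "rb").read()` and pass it to `is_reported_sample`, and feed `find_c2_hits` the text of an export whose lines carry a `dst=ip:port` field (adjust `DST_RE` for other layouts). Port-agnostic IP hits are kept separate on purpose: Dridex C2 here sits on non-standard ports, so blocking only the listed ip:port pairs would miss the same hosts on another port.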
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Note: the only IOC recorded under this signature is a read of the UAC policy value EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, not an Uninstall subkey; read it as a UAC-status check rather than as software enumeration.
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | ofivo.exe