Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2022 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97a9fa55178dfe2851bb26c7b9a1901b795f7b73ea41ec6c2e312db778d0f716.exe

  • Size

    327KB

  • MD5

    ddb4d3c5ec363c148445581709c261fd

  • SHA1

    f5b9739ac522ee977d626450efe146aede362366

  • SHA256

    97a9fa55178dfe2851bb26c7b9a1901b795f7b73ea41ec6c2e312db778d0f716

  • SHA512

    94a88f80f856f99452e48a910c2b5e616ad94c3ad7aa5aa2d1b9fae461f38a03b82fe0c9e35dbcec2029dc72ccc2fcfb347bc7e90bd53f3e54f40377b1d10753

  • SSDEEP

    6144:xfLFLcVcwMbfDjZArmiGZ0AO5ldf4knigabwVfs:xfLtcCwcfDlALbAO5lBiB

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

141.98.82.229:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97a9fa55178dfe2851bb26c7b9a1901b795f7b73ea41ec6c2e312db778d0f716.exe
    "C:\Users\Admin\AppData\Local\Temp\97a9fa55178dfe2851bb26c7b9a1901b795f7b73ea41ec6c2e312db778d0f716.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4692
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 492
      2⤵
      • Program crash
      PID:4120
  • C:\ProgramData\jkbc\gmrxb.exe
    C:\ProgramData\jkbc\gmrxb.exe start
    1⤵
    • Executes dropped EXE
    PID:1304
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4692 -ip 4692
    1⤵
      PID:2788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\jkbc\gmrxb.exe
      Filesize

      327KB

      MD5

      ddb4d3c5ec363c148445581709c261fd

      SHA1

      f5b9739ac522ee977d626450efe146aede362366

      SHA256

      97a9fa55178dfe2851bb26c7b9a1901b795f7b73ea41ec6c2e312db778d0f716

      SHA512

      94a88f80f856f99452e48a910c2b5e616ad94c3ad7aa5aa2d1b9fae461f38a03b82fe0c9e35dbcec2029dc72ccc2fcfb347bc7e90bd53f3e54f40377b1d10753

      Download Submit
    • C:\ProgramData\jkbc\gmrxb.exe
      Filesize

      327KB

      MD5

      ddb4d3c5ec363c148445581709c261fd

      SHA1

      f5b9739ac522ee977d626450efe146aede362366

      SHA256

      97a9fa55178dfe2851bb26c7b9a1901b795f7b73ea41ec6c2e312db778d0f716

      SHA512

      94a88f80f856f99452e48a910c2b5e616ad94c3ad7aa5aa2d1b9fae461f38a03b82fe0c9e35dbcec2029dc72ccc2fcfb347bc7e90bd53f3e54f40377b1d10753

      Download Submit
    • memory/1304-137-0x00000000006FD000-0x000000000070E000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1304-138-0x0000000000400000-0x0000000000457000-memory.dmp
      Filesize

      348KB

      Download
    • memory/1304-139-0x00000000006FD000-0x000000000070E000-memory.dmp
      Filesize

      68KB

      Download
    • memory/4692-132-0x00000000006E2000-0x00000000006F3000-memory.dmp
      Filesize

      68KB

      Download
    • memory/4692-133-0x00000000001F0000-0x00000000001F9000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4692-134-0x0000000000400000-0x0000000000457000-memory.dmp
      Filesize

      348KB

      Download
    • memory/4692-140-0x00000000006E2000-0x00000000006F3000-memory.dmp
      Filesize

      68KB

      Download