Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-10-2022 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26faccb0c74428581e5bbef324c1b97b8ea051fd2e338458e4f3666df820cc35.exe

  • Size

    272KB

  • MD5

    e65cf57f3ed45b81ab93f646693378b6

  • SHA1

    b89a46ffc0381bad71bb5cb3f4612e6fa5952d62

  • SHA256

    26faccb0c74428581e5bbef324c1b97b8ea051fd2e338458e4f3666df820cc35

  • SHA512

    0bdf0617f38f5c21519b3af66e52ad0c588569c8470488bfd148660f4632a9e0512226d45c88140b9e4686ef75d8e6ed1572a0f1badb51ac3d6f5b9bd2d369b3

  • SSDEEP

    6144:H4fqQKLc4TpsHp9Bn0S1uzbgwugBDg/jykmwVf:HwqQKI4T4TiYunn5c/j

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

45.182.189.231:443

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26faccb0c74428581e5bbef324c1b97b8ea051fd2e338458e4f3666df820cc35.exe
    "C:\Users\Admin\AppData\Local\Temp\26faccb0c74428581e5bbef324c1b97b8ea051fd2e338458e4f3666df820cc35.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:5076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 492
      2⤵
      • Program crash
      PID:5108
  • C:\ProgramData\sxuaeqn\jufrxl.exe
    C:\ProgramData\sxuaeqn\jufrxl.exe start
    1⤵
    • Executes dropped EXE
    PID:3056
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5076 -ip 5076
    1⤵
      PID:856

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\sxuaeqn\jufrxl.exe
      Filesize

      272KB

      MD5

      e65cf57f3ed45b81ab93f646693378b6

      SHA1

      b89a46ffc0381bad71bb5cb3f4612e6fa5952d62

      SHA256

      26faccb0c74428581e5bbef324c1b97b8ea051fd2e338458e4f3666df820cc35

      SHA512

      0bdf0617f38f5c21519b3af66e52ad0c588569c8470488bfd148660f4632a9e0512226d45c88140b9e4686ef75d8e6ed1572a0f1badb51ac3d6f5b9bd2d369b3

      Download Submit
    • C:\ProgramData\sxuaeqn\jufrxl.exe
      Filesize

      272KB

      MD5

      e65cf57f3ed45b81ab93f646693378b6

      SHA1

      b89a46ffc0381bad71bb5cb3f4612e6fa5952d62

      SHA256

      26faccb0c74428581e5bbef324c1b97b8ea051fd2e338458e4f3666df820cc35

      SHA512

      0bdf0617f38f5c21519b3af66e52ad0c588569c8470488bfd148660f4632a9e0512226d45c88140b9e4686ef75d8e6ed1572a0f1badb51ac3d6f5b9bd2d369b3

      Download Submit
    • memory/3056-138-0x0000000000547000-0x0000000000557000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3056-139-0x0000000000400000-0x0000000000449000-memory.dmp
      Filesize

      292KB

      Download
    • memory/5076-132-0x000000000057C000-0x000000000058C000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5076-133-0x0000000002180000-0x0000000002189000-memory.dmp
      Filesize

      36KB

      Download
    • memory/5076-134-0x0000000000400000-0x0000000000449000-memory.dmp
      Filesize

      292KB

      Download
    • memory/5076-135-0x000000000057C000-0x000000000058C000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5076-140-0x000000000057C000-0x000000000058C000-memory.dmp
      Filesize

      64KB

      Download