Overview

overview

10

Static

static

7

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    127s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-08-2023 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ede84803bface8bb45d2f293d8766f6099dab30b1f2d74207398835ff255e385.dll

  • Size

    5.8MB

  • MD5

    e3fe0be8cd50ca837069bc2564ab0532

  • SHA1

    05e41077b6ebefe2fc34b03055f8c5b31cff1664

  • SHA256

    ede84803bface8bb45d2f293d8766f6099dab30b1f2d74207398835ff255e385

  • SHA512

    7fd879b48873530aa3d1933e537f99f53909fc3604da6cc88388e51e560b5aecbe31801f3daf2096c190f7c8e1b878e3566874c2e1f937254cbf8a59654e7497

  • SSDEEP

    98304:QrsZ8pbhGL9G900NEOrx0i5P4GzmJPLYJZLKU9Q+Rg8gvUbgQw3/5cU6mWL:QawGMvrui5VWUDLKUe+yN5Qy5cH

Score
10/10
systembctrojanvmprotect

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Blocklisted process makes network request 1 IoCs
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ede84803bface8bb45d2f293d8766f6099dab30b1f2d74207398835ff255e385.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1632-117-0x00007FFAEA1B0000-0x00007FFAEA1B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-119-0x00007FFAD97B0000-0x00007FFADA17A000-memory.dmp
    Filesize

    9.8MB

    Download
  • memory/1632-118-0x00007FFAEA1C0000-0x00007FFAEA1C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-120-0x00007FFAE9920000-0x00007FFAE9922000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-121-0x00007FFAE9930000-0x00007FFAE9932000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-122-0x00007FFAE6C20000-0x00007FFAE6C22000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-123-0x00007FFAE6C30000-0x00007FFAE6C32000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-125-0x00007FFAEA1D0000-0x00007FFAEA1D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-126-0x00007FFAD97B0000-0x00007FFADA17A000-memory.dmp
    Filesize

    9.8MB

    Download