Behavioral task
behavioral1
Sample
2320-2-0x0000000002350000-0x0000000002448000-memory.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2320-2-0x0000000002350000-0x0000000002448000-memory.dll
Resource
win10v2004-20231215-en
General
Target
2320-2-0x0000000002350000-0x0000000002448000-memory.dmp
Size
992KB
MD5
d1c44ef8905b3f35ecd656b83dffb52e
SHA1
c8a5b1fb0b69637c1cc016366e2449ef52d4ad1b
SHA256
f40b26f6ee72d7b85debfdfe79392e95487c6aca9eb850ac5c94e0a94fdadea5
SHA512
347ea66bbd78020f4416ca3464c3187b3216e58189975c3dabcaea15e1ea5e51884fe4a73c5af97a0f8ea37440f13bdc21fe7f18d5ccaddd70af0ff390a81712
SSDEEP
3072:Zyj53IgK8iiPlf5LnFyBcEtZxWeXF7A9JhCSEQHlpiV07Y7HzOyshEVfKEvkgn:4JKU3oj7Atc7qDgvkW
Malware Config
Extracted
dridex
10444
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Signatures
Dridex family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2320-2-0x0000000002350000-0x0000000002448000-memory.dmp
Files
2320-2-0x0000000002350000-0x0000000002448000-memory.dmp.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ