Analysis
-
max time kernel
142s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
03/02/2024, 09:40
General
-
Target
8c011d530f4df962451e86e50d88877d.dll
-
Size
188KB
-
MD5
8c011d530f4df962451e86e50d88877d
-
SHA1
3cf76ffba5e047a2839ca11f39e2c731a6d25fbb
-
SHA256
558fd944053c58d551a1c7d6722dc0fc4cb2687d64cf5c39479ecd826905f58f
-
SHA512
8575d951f21f4924525128f44d3a95ddecf889639fad444937fd139d216e6679fa71f9e1501ebf3ef18e729f5059c5cad03fa8239692d1e52cf95532dbeada2b
-
SSDEEP
3072:CH0uyjZqEpAK+Gf78TBdrXkTM5vhRg9Esf0DwvtyMpVnpA+z6tX8sxKViWZ7dU:CUua/Pv7YNhRIEZDeXVpAxtMsxK
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
22201
C2
103.82.248.59:443
54.39.98.141:6602
103.109.247.8:10443
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8c011d530f4df962451e86e50d88877d.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8c011d530f4df962451e86e50d88877d.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 3083⤵
- Program crash
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
-
Filesize
24KB