Overview

overview

10

Static

static

10

Dropper/Berbew.exe

windows10-2004-x64

10

Dropper/Phorphiex.exe

windows10-2004-x64

10

out.exe

windows10-2004-x64

3

RAT/31.exe

windows10-2004-x64

10

RAT/XClient.exe

windows10-2004-x64

10

RAT/file.exe

windows10-2004-x64

7

Ransomware...-2.exe

windows10-2004-x64

10

Ransomware...01.exe

windows10-2004-x64

10

Ransomware...lt.exe

windows10-2004-x64

10

Stealers/Azorult.exe

windows10-2004-x64

10

Stealers/B...on.exe

windows10-2004-x64

10

Stealers/Dridex.dll

windows10-2004-x64

10

Stealers/M..._2.exe

windows10-2004-x64

10

Stealers/lumma.exe

windows10-2004-x64

10

Trojan/BetaBot.exe

windows10-2004-x64

10

Trojan/Smo...er.exe

windows10-2004-x64

10

Resubmissions

03-09-2024 14:02

240903-rb57sazdqf 10

03-09-2024 13:51

240903-q59avszclf 10

02-09-2024 19:51

240902-yk8gtsxbpd 10

02-09-2024 02:27

240902-cxh7tazflg 10

02-09-2024 02:26

240902-cwxc2sygll 10

21-06-2024 19:37

240621-yca7cszgnd 10

09-06-2024 17:07

240609-vm7rjadd73 10

13-05-2024 17:36

240513-v6qblafe3y 10

12-05-2024 17:17

240512-vty3zafh5s 10

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-09-2024 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stealers/Dridex.dll

  • Size

    1.2MB

  • MD5

    304109f9a5c3726818b4c3668fdb71fd

  • SHA1

    2eb804e205d15d314e7f67d503940f69f5dc2ef8

  • SHA256

    af26296c75ff26f7ee865df424522d75366ae3e2e80d7d9e89ef8c9398b0836d

  • SHA512

    cf01fca33392dc40495f4c39eb1fd240b425018c7088ca9782d883bb135b5dd469a11941d0d680a69e881fa95c4147d70fe567aeba7e98ff6adfd5c0ca1a0e01

  • SSDEEP

    24576:ZVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:ZV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Stealers\Dridex.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1028
  • C:\Windows\system32\wscript.exe
    C:\Windows\system32\wscript.exe
    1⤵
      PID:2704
    • C:\Users\Admin\AppData\Local\aCa7z\wscript.exe
      C:\Users\Admin\AppData\Local\aCa7z\wscript.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2636
    • C:\Windows\system32\GamePanel.exe
      C:\Windows\system32\GamePanel.exe
      1⤵
        PID:2764
      • C:\Users\Admin\AppData\Local\VCSl\GamePanel.exe
        C:\Users\Admin\AppData\Local\VCSl\GamePanel.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:5092
      • C:\Windows\system32\psr.exe
        C:\Windows\system32\psr.exe
        1⤵
          PID:944
        • C:\Users\Admin\AppData\Local\zsyaV\psr.exe
          C:\Users\Admin\AppData\Local\zsyaV\psr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2632

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\VCSl\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit

        • C:\Users\Admin\AppData\Local\VCSl\dxgi.dll
          Filesize

          1.2MB

          MD5

          73d3deba31eeb84c58aadf7ca27914dc

          SHA1

          e01f5b8f99f814b288f3002bb611c17f81b6ae41

          SHA256

          771b0b34023385153c23a970808a8f940005db06a52a10b906be25bd6295d78c

          SHA512

          a3deb8a389035b414c3c1117b800fed36e9b6f811200e8981618b50f1c88ecbd25f75cdfd4b1fa19f78b4e5f776f1a9074c468fefd0ecb02eaa1b4302538acaa

          Download Submit

        • C:\Users\Admin\AppData\Local\aCa7z\VERSION.dll
          Filesize

          1.2MB

          MD5

          2082bb8de97db19e8e7c70f1c582d61e

          SHA1

          adce0238e2e4fc321f31a0d02ad5d4c2e328cfad

          SHA256

          fa8edb179179109a9c81db84d608247e78b97509ffff4890ef45f3994764a637

          SHA512

          808eb3e56f129cbd6f5c7a2cb469642c46c90eb08ae0098849a3cfa8958d3569b2eac089b675e2b64e5f47b73bc4db332f93f77e17e5432fef48b528023b3830

          Download Submit

        • C:\Users\Admin\AppData\Local\aCa7z\wscript.exe
          Filesize

          166KB

          MD5

          a47cbe969ea935bdd3ab568bb126bc80

          SHA1

          15f2facfd05daf46d2c63912916bf2887cebd98a

          SHA256

          34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100

          SHA512

          f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc

          Download Submit

        • C:\Users\Admin\AppData\Local\zsyaV\XmlLite.dll
          Filesize

          1.2MB

          MD5

          f59fe94ffafde622e8a60653ef4fb5ee

          SHA1

          9edef60427c8bd8a45f50dc81887e57fc8745120

          SHA256

          61d9bdb8698f77faf91da157b20872d0126ae14472dcadf321e8c86e15d190df

          SHA512

          0afb4c2aa4f8bf093dcb83e1c16c32360fbc6064c24d6e47376bd56fca56845a4fc86c7115434c48dc64f9ae7a5e099d817270c4b9c1ab5f57e4c8a3b5e847ae

          Download Submit

        • C:\Users\Admin\AppData\Local\zsyaV\psr.exe
          Filesize

          232KB

          MD5

          ad53ead5379985081b7c3f1f357e545a

          SHA1

          6f5aa32c1d15fbf073558fadafd046d97b60184e

          SHA256

          4f0144f0e3e721b44babbf41b513942e4117f730546105480571f9c8fce56a1f

          SHA512

          433098bd74c34fbadfa447ef45cfa9dc076aef4cf7f2a0a6fe79d5e67f2504eebe8aa31fc1b7a4c5eeb20ede2c5485f75ad0fd77b4ecba3d68ca63313e6f6ea0

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mihblavoyj.lnk
          Filesize

          1KB

          MD5

          15f3e7c3359c18977e817980326539f9

          SHA1

          f3666ee4b25f2955ab93a520d69c656128bc0c27

          SHA256

          acef460d8b035261643afee54a9536029bfb72cdcec2876e08a0e756c201f5cd

          SHA512

          2c6616ff768462bfb4cb50e5f937540154d3f57afc09544046329991aa877c711ddfd57ebcdecf00c848aeaa08105648aa04902fd1e547b85fb334dcd67d5fd3

          Download Submit

        • memory/1028-3-0x00000236A6CD0000-0x00000236A6CD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1028-39-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1028-0-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2632-86-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2636-49-0x000002A344420000-0x000002A344427000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2636-46-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2636-52-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-25-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-16-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-36-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-29-0x0000000007CD0000-0x0000000007CD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3372-30-0x00007FF8CBE90000-0x00007FF8CBEA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3372-4-0x0000000007D00000-0x0000000007D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3372-6-0x00007FF8CB56A000-0x00007FF8CB56B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3372-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3372-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/5092-69-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/5092-63-0x0000024159470000-0x0000024159477000-memory.dmp

          Filesize

          28KB

          Download