Analysis

  • max time kernel
    82s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-09-2024 10:40

General

  • Target

    72c1cfcf6d333a31cab273280b78f9e0N.dll

  • Size

    223KB

  • MD5

    72c1cfcf6d333a31cab273280b78f9e0

  • SHA1

    568c775f5d7721e12d823dc123d6296c952ea201

  • SHA256

    512f8f34ebad353ac38c7fccd94c0a67c3adf957d69645c6086ac11f6698fb01

  • SHA512

    e4dc76da9c0a02343cafe3c821cbad88d5fc53b908aa298dd72f8287f9f9f98348273a2c0417367532dd274d6e801674c2a5d882e49c99d1620f02774f8cbd17

  • SSDEEP

    3072:yopj6gTxmzaCEH8nFb369t9EtpiU7FZEz57GEYd4ntfrOulzQhos:FpjtUzy8nF8YN73Ez57Gz4VyWzQis

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

159.8.59.84:443

198.20.253.36:6601

162.144.76.184:2303

rc4.plain
1
EtGa2nbHa8hkz1jd6gNHwhffvweZBaKxNV
rc4.plain
1
iTYWdxxh0ntpBBHJf9nQvZJyOwaWHVQfcbtGJ7ApSrj9JyXqWjn3IhmGlNR4LEv7kNeHKgvA

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 2 IoCs

    Detects the Dridex loader (both x86 and x64) in memory.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\72c1cfcf6d333a31cab273280b78f9e0N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\72c1cfcf6d333a31cab273280b78f9e0N.dll,#1
      2⤵
      • Checks whether UAC is enabled
      • System Location Discovery: System Language Discovery
      PID:1752

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1752-0-0x0000000000190000-0x0000000000196000-memory.dmp

    Filesize

    24KB

  • memory/1752-1-0x0000000074850000-0x0000000074885000-memory.dmp

    Filesize

    212KB

  • memory/1752-2-0x0000000074850000-0x0000000074885000-memory.dmp

    Filesize

    212KB

  • memory/1752-3-0x0000000000190000-0x0000000000196000-memory.dmp

    Filesize

    24KB