Analysis
max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted
20-12-2024 07:29
Behavioral task
behavioral1
Sample
0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53.exe
Resource
win7-20240903-en
General
Target
0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53.exe
Size
1.2MB
MD5
462c1076f65690f7389f1334023b84b7
SHA1
4269a4b88642af3ddb4e1ca057bc5fa8a1e6beb4
SHA256
0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53
SHA512
fc8e0cad540a40fb3198b61ab20bb935128d6d1ba368594dcf639f839e0bc653ea39ca57fcb1b6662ea164e7f3b2d416515290477588e84b39fb89cf858d9710
SSDEEP
3072:wnW15JigWq7Y+jbkGenScL1FsrKY/gnl4PNN0Bi3434YFOmOXoHOZNxjRIp4WMHs:wKqqel7oe4nmOXouZqjXJa5Ga
Malware Config
Extracted
dridex
10111
162.241.44.26:9443
185.184.25.234:4664
138.201.138.91:3389
Signatures
Dridex family
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: 0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53.exe
Processes
C:\Users\Admin\AppData\Local\Temp\0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\0500d9f9581ae3ebab1e89b44f09b18c1e10cfe13a4b9be84114b3544d7c6e53.exe"
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
PID: 968