Analysis

  • max time kernel
    75s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2024 11:26

General

  • Target

    2020-04-14_20-25-01.exe

  • Size

    260KB

  • MD5

    8a988984d3a01e7462c7db414247f3ca

  • SHA1

    95dc47b625c5ae8b165658cc24bcaec136faf479

  • SHA256

    afb5161c6f1903013a24a6fcd3b39210df5025f776ea7c35ebc8911fef8e1cca

  • SHA512

    b59b64af284f697da946df3b09f8e9bd7e84bc924c07e33db1b07d470724e3bf437b2907bd226ee249afe84f646948d71613c782ffdadee2af3c02021ad24274

  • SSDEEP

    3072:5oov7ySiyJKOhHlUZeJnmhwEIRcAF09LQmnddpWuNWQVKLKWNe9XTAKjb9DKwjzC:7yDyJKOhHeL6RhS9LJuQeKWwrb9nr624

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.45.179.186:443

54.38.143.246:691

159.65.79.173:3886

153.122.13.133:1443

rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2020-04-14_20-25-01.exe
    "C:\Users\Admin\AppData\Local\Temp\2020-04-14_20-25-01.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/636-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/636-0-0x00000000021A0000-0x00000000021CA000-memory.dmp

    Filesize

    168KB

  • memory/636-2-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/636-3-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB