Analysis

  • max time kernel
    111s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/02/2025, 08:07

General

  • Target

    3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe

  • Size

    671KB

  • MD5

    8668a57c51d2cbd4489dc1ed14d213b0

  • SHA1

    6b298e013db31bf2cc10992f4b49177f19c5f4af

  • SHA256

    3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52e

  • SHA512

    fbe9b69d110d923589068ee54f4a94d9e40cbce2ab6ff36482c19f59c0ac0f7cde11f28f5b171d6331ad7c02bd18971db1af1541fdd4cc85dd92013fef98c6a8

  • SSDEEP

    12288:UYdfTGnYdfTGtsgqZXoYXMHGy1HxHFvja1E+YzVQ7aQEwhD94i:UYdbyYdb6u3XMHGy1JFvuYzPSei

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

37.139.2.140:3889

49.212.179.180:3889

69.64.62.4:4443

rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex family
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe
    "C:\Users\Admin\AppData\Local\Temp\3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2736-0-0x00000000003A0000-0x00000000003DC000-memory.dmp

    Filesize

    240KB

  • memory/2736-1-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2736-3-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2736-2-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB