Analysis

  • max time kernel
    110s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/02/2025, 08:07 UTC

General

  • Target

    3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe

  • Size

    671KB

  • MD5

    8668a57c51d2cbd4489dc1ed14d213b0

  • SHA1

    6b298e013db31bf2cc10992f4b49177f19c5f4af

  • SHA256

    3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52e

  • SHA512

    fbe9b69d110d923589068ee54f4a94d9e40cbce2ab6ff36482c19f59c0ac0f7cde11f28f5b171d6331ad7c02bd18971db1af1541fdd4cc85dd92013fef98c6a8

  • SSDEEP

    12288:UYdfTGnYdfTGtsgqZXoYXMHGy1HxHFvja1E+YzVQ7aQEwhD94i:UYdbyYdb6u3XMHGy1JFvuYzPSei

Malware Config

Extracted

Family

dridex

Botnet

10111

C2

5.9.178.143:443

37.139.2.140:3889

49.212.179.180:3889

69.64.62.4:4443

  • rc4.plain 1
    u90A57wj30sXYK2g442pCkRTJE7oeEa8ICS7HAYHljU
  • rc4.plain 1
    lVOkQw00oSW6w7m3SX560QjK296hfwSqMP7YG7DtfNbTP8maBCEoV4V6VztYFNc

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex family
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe
    "C:\Users\Admin\AppData\Local\Temp\3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe"
    1
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    PID:2876

Network

  • [US]
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • [US]
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2AC130EB0C516239052D25760DFD6340; domain=.bing.com; expires=Sat, 21-Mar-2026 08:07:56 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ABDC3D93EB1942F29018649D15D0B614 Ref B: FRA31EDGE0114 Ref C: 2025-02-24T08:07:56Z
    date: Mon, 24 Feb 2025 08:07:56 GMT
  • [US]
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2AC130EB0C516239052D25760DFD6340
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=b4u1qeTmIXLunWaZdlEfy7KckVMwvnr8RiZIe-8du8g; domain=.bing.com; expires=Sat, 21-Mar-2026 08:07:56 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D615CAFB151F400EAB1A2444DFF61F4D Ref B: FRA31EDGE0114 Ref C: 2025-02-24T08:07:56Z
    date: Mon, 24 Feb 2025 08:07:56 GMT
  • [US]
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2AC130EB0C516239052D25760DFD6340; MSPTC=b4u1qeTmIXLunWaZdlEfy7KckVMwvnr8RiZIe-8du8g
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F422687645274D3B92D033D6914F074E Ref B: FRA31EDGE0114 Ref C: 2025-02-24T08:07:56Z
    date: Mon, 24 Feb 2025 08:07:56 GMT
  • [GB]
    GET
    https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
    Remote address:
    2.16.34.123:443
    Request
    GET /th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=2AC130EB0C516239052D25760DFD6340; MSPTC=b4u1qeTmIXLunWaZdlEfy7KckVMwvnr8RiZIe-8du8g
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/jpeg
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1981
    date: Mon, 24 Feb 2025 08:07:57 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.4f221002.1740384477.8bf3a
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
    tls, http2
    2.0kB
    9.4kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd8cef6bb321497ea243923d69894e00&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=

    HTTP Response

    204
  • 2.16.34.123:443
    https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
    tls, http2
    1.6kB
    7.3kB
    18
    14

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

    HTTP Response

    200
  • 5.9.178.143:443
    3eab337341a660883dd9fbcc17905dfbc8e6f6ac4207c0c4fc466eafc039e52eN.exe
    260 B
    200 B
    5
    5
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2876-0-0x0000000000680000-0x00000000006BC000-memory.dmp

    Filesize

    240KB

  • memory/2876-1-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

  • memory/2876-2-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

  • memory/2876-3-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB
