General
Target: pzxrk4325.dll
Size: 355KB
Sample: 201126-gnkj599wps
MD5: 457a2d0c13db31222c66c3e623d88063
SHA1: 15bd1122fe1a910c3b8f255bbe74de5ffed57fd2
SHA256: a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
SHA512: 5eeb2bfcfedd0703134196a3135bba5bbc59d67ab51bc847c837e4243c1c1a7fa1971a5602af5f6d946ef1a0f5c5f5f1f1807fa5e5d6dc723b6d5888336875c3
Static task: static1
Behavioral task: behavioral1
Sample: pzxrk4325.dll
Resource: win7v20201028
Malware Config
Extracted
dridex
10555
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
Targets
Target: pzxrk4325.dll
Blocklisted process makes network request

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.