Joe Sandbox analysis report

Joe Sandbox version: 33.0.0 White Diamond
IR
Analysis ID: 510696
Product: CloudBasic
Start time: 05:05:01
Start date: 28/10/2021
Sample file name: SecuriteInfo.com.Variant.Razy.980776.5008.1370
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS

Submitted sample
MD5: 7f1dd5795783f0793caec052daae5b4e
SHA1: 7ffda23921e29ba6ecd911cfe4ccaaba6b8832ca
SHA256: ef94fa9978503a9a126e4f15296c130e039e67636a55acb5b10778e09ee0d1d3
File type: Win32 Dynamic Link Library (generic) (1002004/3) 99.60%

Unlabelled report fields (extraction order)
true
false
false
false
Score: 84 (range 0 - 100)
5
0
5
false
Dropped files
Both paths are in the Windows CryptoAPI URL cache (CryptnetUrlCache), which Windows populates itself when it fetches certificates or revocation lists over the network, so these two entries are weak indicators on their own.

File: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
false
MD5: AB5C36D10261C173C5896F3478CDC6B7
SHA1: 87AC53810AD125663519E944BC87DED3979CBEE4
SHA256: F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9

File: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
false
MD5: E66FF5BA4EFD24F9FB241ADEEBFFCED5
SHA1: 7F1B57D2AEAA051405987A55C4E4A720E31B7875
SHA256: ACD77DBD6ABD455C0DF9AA888F6C460BC2DB991FABB31D45EFC72177A6A652F0
Contacted IPs
45.77.0.96
185.56.219.47
192.46.210.220
143.244.140.214
Signatures
Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
C2 URLs / IPs found in malware configuration
Detected Dridex e-Banking trojan
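As an added example, not part of the Joe Sandbox report, the Python script below turns the indicators above into a small matcher: the sample's MD5/SHA1/SHA256 and the four contacted IPs are checked against log lines and against the digests of a file's bytes. The log lines, host names and file paths in it are constructed for the example. The two CryptnetUrlCache file hashes are left out of the indicator set on purpose, because Windows CryptoAPI writes that cache itself during certificate and CRL fetches (editor's judgement, not a statement from the report).

```python
"""Match the indicators from the sandbox report above against log lines and file contents."""
from __future__ import annotations

import hashlib
import re

# Indicators taken from the report above: digests of the submitted sample and the
# four contacted IPs. The CryptnetUrlCache entries are intentionally omitted: Windows
# CryptoAPI writes that cache itself during certificate/CRL retrieval, so those hashes
# would also fire on clean hosts (editor's judgement, not a statement from the report).
SAMPLE_HASHES = {
    "7f1dd5795783f0793caec052daae5b4e": "md5",
    "7ffda23921e29ba6ecd911cfe4ccaaba6b8832ca": "sha1",
    "ef94fa9978503a9a126e4f15296c130e039e67636a55acb5b10778e09ee0d1d3": "sha256",
}
CONTACTED_IPS = {"45.77.0.96", "185.56.219.47", "192.46.210.220", "143.244.140.214"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")  # candidate md5/sha1/sha256 tokens
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def scan_line(line: str) -> list[tuple[str, str]]:
    """Return (indicator_type, value) pairs for every report IOC present in one log line."""
    hits: list[tuple[str, str]] = []
    for ip in IPV4_RE.findall(line):
        if ip in CONTACTED_IPS:
            hits.append(("ip", ip))
    for token in HEX_RE.findall(line):
        value = token.lower()  # digests are compared case-insensitively
        # only tokens of a real digest length count, and only if they equal a sample digest
        if len(value) in HASH_LENGTHS and value in SAMPLE_HASHES:
            hits.append((SAMPLE_HASHES[value], value))
    return hits


def scan_lines(lines: list[str]) -> dict[int, list[tuple[str, str]]]:
    """Map line index -> hits, for the lines that contain at least one indicator."""
    return {i: h for i, line in enumerate(lines) if (h := scan_line(line))}


def hash_matches(data: bytes) -> str | None:
    """Digest a file's bytes with all three algorithms; return the matching algorithm or None."""
    for algo in ("md5", "sha1", "sha256"):
        digest = hashlib.new(algo, data).hexdigest()
        if SAMPLE_HASHES.get(digest) == algo:
            return algo
    return None


# Constructed sample log lines (not from the report): two proxy entries, a firewall entry
# and two EDR events. Everything that is not an indicator uses private/documentation addresses.
LOG_LINES = [
    "2021-10-28T05:06:12Z proxy src=10.0.0.15 dst=45.77.0.96:443 method=POST uri=/ status=200",
    "2021-10-28T05:06:13Z proxy src=10.0.0.15 dst=203.0.113.5:443 method=GET uri=/ status=200",
    "2021-10-28T05:06:20Z edr host=WS01 event=ImageLoad image=C:\\Users\\user\\Desktop\\sample.dll "
    "sha256=EF94FA9978503A9A126E4F15296C130E039E67636A55ACB5B10778E09EE0D1D3",
    "2021-10-28T05:07:01Z fw src=10.0.0.22 dst=185.56.219.47:443 action=deny",
    "2021-10-28T05:07:05Z edr host=WS02 event=FileCreate "
    "path=C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506 "
    "md5=AB5C36D10261C173C5896F3478CDC6B7",
]

if __name__ == "__main__":
    for idx, hits in scan_lines(LOG_LINES).items():
        print(f"line {idx}: {hits}")
    # the sample itself is not available here, so this only shows the negative case
    print("constructed bytes match sample:", hash_matches(b"not the sample"))
```

The EDR FileCreate line for the CryptnetUrlCache file produces no hit even though its MD5 is in the report, which is the intended behaviour of keeping those digests out of the indicator set; swap `hash_matches` onto real file bytes (read in binary mode) to check a suspect DLL against the sample digests.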