dridex | 857b5c1209e2bec7dda0c80b92123f4ceb15f8c560f23551804e4bd09b94e901 | Triage

Submit
Reports

Overview

overview

Static

static

sample2020...1.xlsm

windows7_x64

1

sample2020...1.xlsm

windows10_x64

Sharing

General

Target

sample20201021-01.xlsm
Size

43KB
Sample

201021-s4mt87qfga
MD5

0ec3a0613d2fc39417eaccebaedfcdf0
SHA1

0195cdd1579f6be5f143e36c942075ae811c0595
SHA256

857b5c1209e2bec7dda0c80b92123f4ceb15f8c560f23551804e4bd09b94e901
SHA512

2f77e01859e5a54f7002b3ea13a17167589e4aa2b48b71a17d9d86f515af81b95acbbbfadcbd94818eb9a9ece47d2b7205dff8253329d9165ad9914b6f2af3f3

Score

10^/10

dridex 10444 botnet cryptone loader packer

Static task

static1

Behavioral task

behavioral1

Sample

sample20201021-01.xlsm

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample20201021-01.xlsm

Resource

win10

dridex 10444 botnet cryptone loader packer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

79.137.29.86:443

87.106.191.77:3889

44.48.26.99:4664

178.254.22.25:33443

rc4.plain

rc4.plain

Targets

- Target
  
  sample20201021-01.xlsm
- Size
  
  43KB
- MD5
  
  0ec3a0613d2fc39417eaccebaedfcdf0
- SHA1
  
  0195cdd1579f6be5f143e36c942075ae811c0595
- SHA256
  
  857b5c1209e2bec7dda0c80b92123f4ceb15f8c560f23551804e4bd09b94e901
- SHA512
  
  2f77e01859e5a54f7002b3ea13a17167589e4aa2b48b71a17d9d86f515af81b95acbbbfadcbd94818eb9a9ece47d2b7205dff8253329d9165ad9914b6f2af3f3
Score

10^/10

dridex 10444 botnet cryptone loader packer
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dridex10444botnetcryptoneloaderpacker

© 2018-2024

Terms | Privacy