Overview

overview

10

Static

static

Inv_121314_42664.xlsm

windows7_x64

10

Inv_121314_42664.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inv_121314_42664.xlsm

  • Size

    26KB

  • Sample

    201102-1ldr4jfsyn

  • MD5

    1b109efade90ace7d953507adb1f1563

  • SHA1

    e4eef787b94f80e5374a2058cafc6a37d3fa2c0f

  • SHA256

    2ec35da14989692e77df25d56c7b1d43a3e93a72ec2fc7cce67b2fa448744752

  • SHA512

    4c16f6fcbb91b7a75cf7f1b2bb9938aa4275c0954f9ec1a2b189e100b53e225d0bfb2ae95dd167a794a6e88feb8fece8d05c6ce8149ae975d34886cff32a937f

Score
10/10
dridex10444botnetcryptoneloaderpacker

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

195.154.237.245:443

46.105.131.73:8172

91.238.160.158:18443

213.183.128.99:3786
rc4.plain
rc4.plain

Targets

    • Target

      Inv_121314_42664.xlsm

    • Size

      26KB

    • MD5

      1b109efade90ace7d953507adb1f1563

    • SHA1

      e4eef787b94f80e5374a2058cafc6a37d3fa2c0f

    • SHA256

      2ec35da14989692e77df25d56c7b1d43a3e93a72ec2fc7cce67b2fa448744752

    • SHA512

      4c16f6fcbb91b7a75cf7f1b2bb9938aa4275c0954f9ec1a2b189e100b53e225d0bfb2ae95dd167a794a6e88feb8fece8d05c6ce8149ae975d34886cff32a937f

    Score
    10/10
    dridex10444botnetcryptoneloaderpacker

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks