General

  • Target

    Sales_Invoice_186311_725945_from_Inc.xls

  • Size

    51KB

  • Sample

    201111-h4v2l73s2e

  • MD5

    e696a3e6497ced315b344d6ab1aa6c5f

  • SHA1

    66c6efb7cc4b48bd6e4a14d9edae16bb7e21ffd0

  • SHA256

    7bb7de3215d3e8a98b95fee746692f710b91da494b80bc7fe73636875dc610b7

  • SHA512

    3879731cb03d4b5d7bc441ca30495cd781cec86205a8fdf6091695598f23974be1c71bbd1e34b17a2989412f5725ef5e7d504ff7c6452014d9e5d3def2dfab61

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.39:443

69.164.207.140:3388

78.47.139.43:4443

103.244.206.74:33443

rc4.plain

1

Zic9HDI1K9wuWX5zz3JLX92sd5NMxkCz2FwlfM

rc4.plain

1

QYwMw9GVv0tVd3HOmtJuAScWKnaDkpdSPdA90hkvfCvvPLTbAPuA2TpyMSDDlm6bo2p2

Targets

    • Target

      Sales_Invoice_186311_725945_from_Inc.xls

    • Size

      51KB

    • MD5

      e696a3e6497ced315b344d6ab1aa6c5f

    • SHA1

      66c6efb7cc4b48bd6e4a14d9edae16bb7e21ffd0

    • SHA256

      7bb7de3215d3e8a98b95fee746692f710b91da494b80bc7fe73636875dc610b7

    • SHA512

      3879731cb03d4b5d7bc441ca30495cd781cec86205a8fdf6091695598f23974be1c71bbd1e34b17a2989412f5725ef5e7d504ff7c6452014d9e5d3def2dfab61

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks
