Sales_Invoice_186311_725945_from_Inc.xls

General

Target: Sales_Invoice_186311_725945_from_Inc.xls
Size: 51KB
Sample: 201111-h4v2l73s2e
Score: 10/10
MD5: e696a3e6497ced315b344d6ab1aa6c5f
SHA1: 66c6efb7cc4b48bd6e4a14d9edae16bb7e21ffd0
SHA256: 7bb7de3215d3e8a98b95fee746692f710b91da494b80bc7fe73636875dc610b7
SHA512: 3879731cb03d4b5d7bc441ca30495cd781cec86205a8fdf6091695598f23974be1c71bbd1e34b17a2989412f5725ef5e7d504ff7c6452014d9e5d3def2dfab61

Malware Config

Extracted

Family: dridex
Botnet: 10444
C2:
  • 77.220.64.39:443
  • 69.164.207.140:3388
  • 78.47.139.43:4443
  • 103.244.206.74:33443
rc4.plain
Signatures

  • Dridex
    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Process spawned unexpected child process
    Description: This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Dridex Loader
    Description: Detects the Dridex loader, both x86 and x64 builds, in memory.

  • Loads dropped DLL

MITRE ATT&CK Matrix

Tactic columns (no technique entries are shown on this page): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 8/10
  • behavioral1: 10/10
  • behavioral2: 10/10