dridex | 7bb7de3215d3e8a98b95fee746692f710b91da494b80bc7fe73636875dc610b7 | Triage

Submit
Reports

Overview

overview

Static

static

8

Sales_Invo...nc.xls

windows7_x64

Sales_Invo...nc.xls

windows10_x64

Sharing

General

Target

Sales_Invoice_186311_725945_from_Inc.xls
Size

51KB
Sample

201111-h4v2l73s2e
MD5

e696a3e6497ced315b344d6ab1aa6c5f
SHA1

66c6efb7cc4b48bd6e4a14d9edae16bb7e21ffd0
SHA256

7bb7de3215d3e8a98b95fee746692f710b91da494b80bc7fe73636875dc610b7
SHA512

3879731cb03d4b5d7bc441ca30495cd781cec86205a8fdf6091695598f23974be1c71bbd1e34b17a2989412f5725ef5e7d504ff7c6452014d9e5d3def2dfab61

Score

10^/10

dridex 10444 botnet loader macro

Static task

static1

Behavioral task

behavioral1

Sample

Sales_Invoice_186311_725945_from_Inc.xls

Resource

win7v20201028

dridex 10444 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Sales_Invoice_186311_725945_from_Inc.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

77.220.64.39:443

69.164.207.140:3388

78.47.139.43:4443

103.244.206.74:33443

rc4.plain

rc4.plain

Targets

- Target
  
  Sales_Invoice_186311_725945_from_Inc.xls
- Size
  
  51KB
- MD5
  
  e696a3e6497ced315b344d6ab1aa6c5f
- SHA1
  
  66c6efb7cc4b48bd6e4a14d9edae16bb7e21ffd0
- SHA256
  
  7bb7de3215d3e8a98b95fee746692f710b91da494b80bc7fe73636875dc610b7
- SHA512
  
  3879731cb03d4b5d7bc441ca30495cd781cec86205a8fdf6091695598f23974be1c71bbd1e34b17a2989412f5725ef5e7d504ff7c6452014d9e5d3def2dfab61
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridex10444botnetloader

behavioral2

© 2018-2024

Terms | Privacy