General
-
Target
Invoice_005241060.xlsm
-
Size
29KB
-
Sample
201116-xgwhdvnv42
-
MD5
ef3b7f93392bee34ef3a27b9dd95b148
-
SHA1
f35848fdcc1900e68d7bae5818f0dbe6b58ebe48
-
SHA256
406ae986c72382231fae46850d054ce174f5a70ccf948d21d8e48663c16ec081
-
SHA512
57f6386b615406f2768b9837889dfe00bf17d04d63505f22eee49725c0ee57adda790bcbff38ca388e025df2b8e51e3d924029c666711d3da32a182157ae4220
Malware Config
Extracted
dridex
10444
77.220.64.53:443
172.96.190.154:4664
209.126.111.137:33443
167.99.158.82:33443
Targets
-
-
Target
Invoice_005241060.xlsm
-
Size
29KB
-
MD5
ef3b7f93392bee34ef3a27b9dd95b148
-
SHA1
f35848fdcc1900e68d7bae5818f0dbe6b58ebe48
-
SHA256
406ae986c72382231fae46850d054ce174f5a70ccf948d21d8e48663c16ec081
-
SHA512
57f6386b615406f2768b9837889dfe00bf17d04d63505f22eee49725c0ee57adda790bcbff38ca388e025df2b8e51e3d924029c666711d3da32a182157ae4220
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Loads dropped DLL
-