General
-
Target
Inv_997240_527764.xlsm
-
Size
51KB
-
Sample
201118-cvnpveapme
-
MD5
ed931b0cc827a4f9051f80b6598a4f6e
-
SHA1
4ec5ef894b046c2486b63b503c6b93fc2c873188
-
SHA256
a0f15919fdcbd8208938d1118be24041fc917ca3a9a7be768eb08574fe80f447
-
SHA512
a7c7c5b2aca294cd15ff57bbbaf62d0b410ae0618c2a61bda4e2685cd6dc490cdc53dad8a329c96e59143cdb06cf32f781bd7554bd78ff45f11a0a7bac21bf5e
Malware Config
Extracted
dridex
10444
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
Targets
-
-
Target
Inv_997240_527764.xlsm
-
Size
51KB
-
MD5
ed931b0cc827a4f9051f80b6598a4f6e
-
SHA1
4ec5ef894b046c2486b63b503c6b93fc2c873188
-
SHA256
a0f15919fdcbd8208938d1118be24041fc917ca3a9a7be768eb08574fe80f447
-
SHA512
a7c7c5b2aca294cd15ff57bbbaf62d0b410ae0618c2a61bda4e2685cd6dc490cdc53dad8a329c96e59143cdb06cf32f781bd7554bd78ff45f11a0a7bac21bf5e
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Loads dropped DLL
-