dridex | 566dc4913b97ded117228c2850122e4761ec67dc44b304e29f2d5959318c7496 | Triage

Submit
Reports

Overview

overview

Static

static

DHL_Billin...2.xlsm

windows7_x64

DHL_Billin...2.xlsm

windows10_x64

Sharing

General

Target

DHL_Billing_Invoice 1375130042.xlsm
Size

54KB
Sample

201118-p9j5wvl8r6
MD5

d36fe8561ddae6c583bf4a794ca2fa82
SHA1

29160334a39d5a42e493a0ceb4fe2615c5231842
SHA256

566dc4913b97ded117228c2850122e4761ec67dc44b304e29f2d5959318c7496
SHA512

5bfc5c8b0c97999bd4ebddffe106fd35eba31c64b9f6a577045d336338619f2b985229147a5dc2c06115895c55f218b3676bcaad6de823d0e6279d22ad0ccea1

Score

10^/10

dridex 10444 botnet cryptone loader packer

Static task

static1

Behavioral task

behavioral1

Sample

DHL_Billing_Invoice 1375130042.xlsm

Resource

win7v20201028

dridex 10444 botnet cryptone loader packer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL_Billing_Invoice 1375130042.xlsm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

162.241.44.26:9443

192.232.229.53:4443

77.220.64.34:443

193.90.12.121:3098

rc4.plain

rc4.plain

Targets

- Target
  
  DHL_Billing_Invoice 1375130042.xlsm
- Size
  
  54KB
- MD5
  
  d36fe8561ddae6c583bf4a794ca2fa82
- SHA1
  
  29160334a39d5a42e493a0ceb4fe2615c5231842
- SHA256
  
  566dc4913b97ded117228c2850122e4761ec67dc44b304e29f2d5959318c7496
- SHA512
  
  5bfc5c8b0c97999bd4ebddffe106fd35eba31c64b9f6a577045d336338619f2b985229147a5dc2c06115895c55f218b3676bcaad6de823d0e6279d22ad0ccea1
Score

10^/10

dridex 10444 botnet cryptone loader packer
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateProcessExOtherParentProcess
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetcryptoneloaderpacker

behavioral2

© 2018-2024

Terms | Privacy