Information-478224510.doc

General

Target: Information-478224510.doc
Size: 127KB
Sample: 201119-74s9dj6n86
Score: 10/10
MD5: bb0198d56eff259292f821cf9777f4ea
SHA1: 67e6018e71d49acecab8018ec3e31388e5afdb09
SHA256: 8880aa45619f26fcb4cca6671e7decc6dcf94163344a819a156ed9f5bd414d0b
SHA512: 26585f0ae9576b40ff6635b464fa1cc3947e549a45f0648b4b754ef3225bb605ff5dd4926483636c85eed595102a57eacff634bef65e83cbd3dd54e823f1907f

Malware Config

Extracted

Language: ps1 (deobfuscated)
URLs: each entry below is tagged exe.dropper by the extractor, i.e. a download location the PowerShell stage tries in turn for the executable payload. Note that the path extensions (.zip, .rar, .pdf, .png) do not describe what is served; treat every one of these URLs as a payload download, not as the document type its name suggests.

  exe.dropper  http://wordpress.abbeytek.com/gb9b076.zip
  exe.dropper  http://garywhitehead.com/j64cw5.rar
  exe.dropper  http://test.taphoare.com/j4r7zap.rar
  exe.dropper  http://deepfreedom.org/qz0h69.pdf
  exe.dropper  http://forestof.life/gkd9jtb9z.png
  exe.dropper  https://rockingrenergy.info/b6exhyx4.zip
  exe.dropper  https://aeromiic.com/l8uvw4.pdf
  exe.dropper  http://jkra.nl/ce5c6ut.pdf
  exe.dropper  https://amazedelectrical.com.au/ff2e84tvk.pdf

Extracted

Family: dridex
Botnet: 10555
C2 (host:port; three of the four use non-standard TLS ports, which is worth a dedicated egress rule):

  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098

rc4.plain: (two keys are listed in the extracted config; their values are not included on this page)
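The following is an added example, not part of the sandbox report: it turns the extracted dropper URLs and Dridex C2 endpoints above into normalized IOCs and runs them over a few constructed proxy and firewall log lines. The key/value layout of CONFIG_TEXT is chosen here for parsing (the values are the ones on the page); the log lines, source hosts and timestamps are constructed for the example.

```python
# Added example (not from the sandbox report): normalize the extracted
# config into IOCs and match them against constructed log lines.
import re
from urllib.parse import urlparse

# Values transcribed from the report; the "key value" layout is ours.
CONFIG_TEXT = """\
exe.dropper http://wordpress.abbeytek.com/gb9b076.zip
exe.dropper http://garywhitehead.com/j64cw5.rar
exe.dropper http://test.taphoare.com/j4r7zap.rar
exe.dropper http://deepfreedom.org/qz0h69.pdf
exe.dropper http://forestof.life/gkd9jtb9z.png
exe.dropper https://rockingrenergy.info/b6exhyx4.zip
exe.dropper https://aeromiic.com/l8uvw4.pdf
exe.dropper http://jkra.nl/ce5c6ut.pdf
exe.dropper https://amazedelectrical.com.au/ff2e84tvk.pdf
Family dridex
Botnet 10555
C2 162.241.44.26:9443
C2 192.232.229.53:4443
C2 77.220.64.34:443
C2 193.90.12.121:3098
"""


def parse_config(text):
    """Parse the extracted config into dropper URLs, hostnames and C2 tuples."""
    iocs = {"dropper_urls": [], "domains": set(), "c2": [],
            "family": None, "botnet": None}
    for line in text.strip().splitlines():
        key, _, value = line.partition(" ")
        if key == "exe.dropper":
            iocs["dropper_urls"].append(value)
            iocs["domains"].add(urlparse(value).hostname)
        elif key == "C2":
            host, port = value.rsplit(":", 1)
            iocs["c2"].append((host, int(port)))
        elif key == "Family":
            iocs["family"] = value
        elif key == "Botnet":
            iocs["botnet"] = value
    iocs["domains"] = sorted(iocs["domains"])
    return iocs


def unusual_ports(iocs):
    """C2 ports other than 443: candidates for a tight egress rule."""
    return sorted({port for _, port in iocs["c2"] if port != 443})


# Constructed sample log lines: two proxy lines (CLF style with the full
# request URL) and two firewall lines (key=value). Only the first and
# third should hit.
SAMPLE_LOGS = [
    '10.0.0.5 - - [19/Nov/2020:10:02:11 +0000] "GET http://garywhitehead.com/j64cw5.rar HTTP/1.1" 200 118784 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) WindowsPowerShell/5.1"',
    '10.0.0.5 - - [19/Nov/2020:10:02:40 +0000] "GET http://example.org/index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    "action=allow src=10.0.0.5 spt=49812 dst=192.232.229.53 dpt=4443 proto=tcp",
    "action=allow src=10.0.0.6 spt=49813 dst=93.184.216.34 dpt=443 proto=tcp",
]


def match_logs(iocs, lines):
    """Return (kind, indicator) for every line that touches a known IOC."""
    hits = []
    c2set = set(iocs["c2"])
    url_set = set(iocs["dropper_urls"])
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) ', line)
        if m and m.group(1) in url_set:
            hits.append(("dropper_url", m.group(1)))
            continue
        m = re.search(r"dst=(\S+) dpt=(\d+)", line)
        if m and (m.group(1), int(m.group(2))) in c2set:
            hits.append(("c2", f"{m.group(1)}:{m.group(2)}"))
    return hits


if __name__ == "__main__":
    iocs = parse_config(CONFIG_TEXT)
    print("dropper domains:", iocs["domains"])
    print("non-443 C2 ports:", unusual_ports(iocs))
    for hit in match_logs(iocs, SAMPLE_LOGS):
        print("HIT", *hit)
```

Matching on the full URL is deliberately strict for the dropper stage (the same hosts may also serve legitimate content, since several look like compromised sites); for the C2 stage the IP:port pair is the indicator, and the port list from unusual_ports is the part most likely to survive a change of IP.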
Targets

Target: Information-478224510.doc (same file, size, score and hashes as listed under General)
Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

  • Process spawned unexpected child process

    Description: This typically indicates that the parent process was compromised via an exploit or a macro; here the Word document's process is the parent of the PowerShell dropper stage.

  • Dridex Loader

    Description: Detects the Dridex loader, both x86 and x64 builds, in memory.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    TTPs: Query Registry

  • Checks whether UAC is enabled

    TTPs: System Information Discovery

  • Drops file in System32 directory
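As an added example (not the sandbox's own signature logic), the detection side of three of the signatures above: an Office parent spawning a scripting or LOLBin child, registry reads of the Uninstall key, and a read of the UAC EnableLUA value, with the registry hits correlated back to the process that the Office parent spawned. The event schema, process names, PIDs and command line are constructed assumptions for the example and do not correspond to a particular EDR product's format.

```python
# Added example (not from the sandbox report): detection logic for
# "Process spawned unexpected child process", "Checks installed software"
# and "Checks whether UAC is enabled", run over constructed endpoint events.
# The event schema below is an assumption made for this example.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe",
                       "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
UAC_VALUE = r"software\microsoft\windows\currentversion\policies\system\enablelua"

# ATT&CK techniques for the alert kinds emitted below.
TTP = {"office_spawned_child": "T1059.001",   # Command and Scripting Interpreter: PowerShell
       "installed_software_enum": "T1012",    # Query Registry
       "uac_check": "T1082"}                   # System Information Discovery

# Constructed sample events: one malicious chain (PID 4120) plus two benign
# process creations that must not alert.
EVENTS = [
    {"type": "process_create", "pid": 4120, "ppid": 3308,
     "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -enc <constructed sample>"},
    {"type": "process_create", "pid": 5000, "ppid": 3308,
     "image": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "splwow64.exe"},
    {"type": "registry_query", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{constructed-guid}",
     "value": "DisplayName"},
    {"type": "registry_query", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA"},
    {"type": "process_create", "pid": 4300, "ppid": 900,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return alerts (kind, pid, detail, ttp) and the PIDs where an
    Office-spawned process went on to perform registry discovery."""
    alerts = []
    spawned, discovering = set(), set()
    for e in events:
        if e["type"] == "process_create":
            parent, child = basename(e["parent_image"]), basename(e["image"])
            if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
                spawned.add(e["pid"])
                alerts.append(("office_spawned_child", e["pid"],
                               f"{parent} -> {child}", TTP["office_spawned_child"]))
        elif e["type"] == "registry_query":
            path = (e["key"] + "\\" + e["value"]).lower()
            if UNINSTALL_KEY in path:
                discovering.add(e["pid"])
                alerts.append(("installed_software_enum", e["pid"], e["key"],
                               TTP["installed_software_enum"]))
            elif path.endswith(UAC_VALUE):
                discovering.add(e["pid"])
                alerts.append(("uac_check", e["pid"], e["key"], TTP["uac_check"]))
    return {"alerts": alerts, "chained_pids": sorted(spawned & discovering)}


if __name__ == "__main__":
    result = detect(EVENTS)
    for alert in result["alerts"]:
        print(*alert)
    print("office child that also did discovery:", result["chained_pids"])
```

Registry reads are not part of default Sysmon telemetry (its registry events cover key creation and value writes), so the registry_query events here assume an EDR or object-access auditing that records queries; the process-creation rule alone is the one you can expect to fire on a default Sysmon or Windows 4688 feed.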

Related Tasks: (none shown on this page)

MITRE ATT&CK Matrix: the matrix view on this page carries only its tactic column headings (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation) with no techniques populated. The techniques actually tagged in the Signatures above are Query Registry (T1012) and System Information Discovery (T1082), both under the Discovery tactic.