Order_Gift_Card.961396645.doc

Target

Size

112KB

Sample

201126-9jgh78d49n

Score

10 ^/10

MD5

7d46d3da88253c6abcc426ce9fb9e3c5

SHA1

8dbd9d1bfe48c59b5704d6275f478e768230c81d

SHA256

9ca6330ecc859154893e48bed53317005670c23c5d58bca8e991177cbb7324e9

SHA512

9a19fa0d30c49384582aeb323a44e13118281e55e26c9de668eebf222862761c4e47cdcfbea6a6e6eb2a93d436af16989d4f42870ae1dfa5b7c0e015b52be559

Extracted

Language	ps1
Source
URLs	https://burstner.clabris.se/ http://bespokeweddings.ie/ https://conjurosdeamoryhechiceriaacacio.com/ https://keitauniv.keita.ae/ https://cms.keita.ae/ https://airbornegroup.net/ https://phones.pmrspain.com/ http://oya.qa/ exe.dropper https://burstner.clabris.se/ exe.dropper http://bespokeweddings.ie/ exe.dropper https://conjurosdeamoryhechiceriaacacio.com/ exe.dropper https://keitauniv.keita.ae/ exe.dropper https://cms.keita.ae/ exe.dropper https://airbornegroup.net/ exe.dropper https://phones.pmrspain.com/ exe.dropper http://oya.qa/

Extracted

Family	dridex
Version	10555
C2	194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786 194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786
rc4.plain
rc4.plain

Target

Order_Gift_Card.961396645.doc

MD5

7d46d3da88253c6abcc426ce9fb9e3c5

Filesize

112KB

Score

10 ^/10

SHA1

8dbd9d1bfe48c59b5704d6275f478e768230c81d

SHA256

9ca6330ecc859154893e48bed53317005670c23c5d58bca8e991177cbb7324e9

SHA512

9a19fa0d30c49384582aeb323a44e13118281e55e26c9de668eebf222862761c4e47cdcfbea6a6e6eb2a93d436af16989d4f42870ae1dfa5b7c0e015b52be559

Signatures

Dridex

Description

Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

Tags

botnet dridex
Process spawned unexpected child process

Description

This typically indicates the parent process was compromised via an exploit or macro.
Dridex Loader

Description

Detects Dridex both x86 and x64 loader in memory.

Tags

botnet loader
Blacklisted process makes network request
Loads dropped DLL
Checks installed software on the system

Description

Looks up Uninstall key entries in the registry to enumerate software on the system.

Tags

discovery

TTPs

Query Registry
Checks whether UAC is enabled

Tags

evasion trojan

TTPs

System Information Discovery
Drops file in System32 directory

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

macro

8^/10

behavioral1

dridex botnet discovery evasion loader trojan

10^/10

behavioral2

dridex botnet discovery evasion loader trojan

10^/10

Extracted

Extracted

Tags

Signatures

Dridex

Description

Tags

Process spawned unexpected child process

Description

Dridex Loader

Description

Tags

Blacklisted process makes network request

Loads dropped DLL

Checks installed software on the system

Description

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Drops file in System32 directory

Related Tasks

static1

behavioral1

behavioral2