Order_Gift_Card_411022863.doc

Target

Size

112KB

Sample

201126-b1lvw4dgca

Score

10 ^/10

MD5

07faf71908158870c1e1af97bd89d12d

SHA1

567052f0b8b453932db3e18208990bca12bcc167

SHA256

255327cc966eebcdb52f94414c36920585f2190ae10a9560db5047def717b2ac

SHA512

3acc7099c87cfb54abf823b00839a3c928ae853cf6c83c19bc29a79af4fca45a573f88ac4b60f83698aed718b443d0ec3ac130954b5d0fb71e239b76da6e414d

Extracted

Language	ps1
Source
URLs	https://burstner.clabris.se/ http://bespokeweddings.ie/ https://conjurosdeamoryhechiceriaacacio.com/ https://keitauniv.keita.ae/ https://cms.keita.ae/ https://airbornegroup.net/ https://phones.pmrspain.com/ http://oya.qa/ exe.dropper https://burstner.clabris.se/ exe.dropper http://bespokeweddings.ie/ exe.dropper https://conjurosdeamoryhechiceriaacacio.com/ exe.dropper https://keitauniv.keita.ae/ exe.dropper https://cms.keita.ae/ exe.dropper https://airbornegroup.net/ exe.dropper https://phones.pmrspain.com/ exe.dropper http://oya.qa/

Extracted

Family	dridex
Version	10555
C2	194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786 194.225.58.216:443 178.254.40.132:691 216.172.165.70:3889 198.57.200.100:3786
rc4.plain
rc4.plain

Target

Order_Gift_Card_411022863.doc

MD5

07faf71908158870c1e1af97bd89d12d

Filesize

112KB

Score

10 ^/10

SHA1

567052f0b8b453932db3e18208990bca12bcc167

SHA256

255327cc966eebcdb52f94414c36920585f2190ae10a9560db5047def717b2ac

SHA512

3acc7099c87cfb54abf823b00839a3c928ae853cf6c83c19bc29a79af4fca45a573f88ac4b60f83698aed718b443d0ec3ac130954b5d0fb71e239b76da6e414d

Signatures

Dridex

Description

Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

Tags

botnet dridex
Process spawned unexpected child process

Description

This typically indicates the parent process was compromised via an exploit or macro.
Dridex Loader

Description

Detects Dridex both x86 and x64 loader in memory.

Tags

botnet loader
Blacklisted process makes network request
Loads dropped DLL
Checks installed software on the system

Description

Looks up Uninstall key entries in the registry to enumerate software on the system.

Tags

discovery

TTPs

Query Registry
Checks whether UAC is enabled

Tags

evasion trojan

TTPs

System Information Discovery
Drops file in System32 directory

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

macro

8^/10

behavioral1

dridex botnet discovery evasion loader trojan

10^/10

behavioral2

dridex botnet discovery evasion loader trojan

10^/10

Extracted

Extracted

Tags

Signatures

Dridex

Description

Tags

Process spawned unexpected child process

Description

Dridex Loader

Description

Tags

Blacklisted process makes network request

Loads dropped DLL

Checks installed software on the system

Description

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Drops file in System32 directory

Related Tasks

static1

behavioral1

behavioral2