dridex | 83386fb9fa084ea2de1f106d155a819b8090f95c28ed7a0f3c9756910bcedc5b | Triage

Submit
Reports

Overview

overview

Static

static

8

Notificati...23.xls

windows7_x64

Notificati...23.xls

windows10_x64

Sharing

General

Target

Notification_71823.xls
Size

724KB
Sample

210113-94pj1gjj9s
MD5

d65ddb3ade34504d44e72ba9db953916
SHA1

8bcccc3bce9568919160024dbc3144de359f2d5f
SHA256

83386fb9fa084ea2de1f106d155a819b8090f95c28ed7a0f3c9756910bcedc5b
SHA512

60d7a503c24c3b324c185f7010642e874271d759ff58fd0dcc7184683d6c1d3a2e322f19d26f04174ac14fe6a96f97f13fcfde16bd74ab72ed29d30ecb0d198d

Score

10^/10

dridex 111 botnet loader macro ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Notification_71823.xls

Resource

win7v20201028

dridex 111 botnet loader ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Notification_71823.xls

Resource

win10v20201028

dridex 111 botnet loader ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

rc4.plain

Targets

- Target
  
  Notification_71823.xls
- Size
  
  724KB
- MD5
  
  d65ddb3ade34504d44e72ba9db953916
- SHA1
  
  8bcccc3bce9568919160024dbc3144de359f2d5f
- SHA256
  
  83386fb9fa084ea2de1f106d155a819b8090f95c28ed7a0f3c9756910bcedc5b
- SHA512
  
  60d7a503c24c3b324c185f7010642e874271d759ff58fd0dcc7184683d6c1d3a2e322f19d26f04174ac14fe6a96f97f13fcfde16bd74ab72ed29d30ecb0d198d
Score

10^/10

dridex 111 botnet loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex111botnetloaderransomware

behavioral2

dridex111botnetloaderransomware

© 2018-2024

Terms | Privacy