General
-
Target
sample20210113-01.xlsm
-
Size
44KB
-
Sample
210113-cl12vw5rhn
-
MD5
b777540ad31de24618cb9818debb2fd4
-
SHA1
6e18fab506aefe0e1d1bdbb7bf61963075a4db61
-
SHA256
39c47b42df4d66fe9b9e4cb03f486a6a8a11770010dd6537c55d2899b2e2021a
-
SHA512
907ca45f11527b8446f00e79268e1f03817c0fb7097965cb69267ec82f25eeddec64651e4c2079f8a7661404549e26230ee4cd35633fda96af8f664ea0f05a68
Malware Config
Extracted
http://dedicace.radio-ifge.fr/p5i1wraxt.zip
Extracted
dridex
10444
221.126.244.72:443
195.231.69.151:3889
157.7.166.26:5353
Targets
-
-
Target
sample20210113-01.xlsm
-
Size
44KB
-
MD5
b777540ad31de24618cb9818debb2fd4
-
SHA1
6e18fab506aefe0e1d1bdbb7bf61963075a4db61
-
SHA256
39c47b42df4d66fe9b9e4cb03f486a6a8a11770010dd6537c55d2899b2e2021a
-
SHA512
907ca45f11527b8446f00e79268e1f03817c0fb7097965cb69267ec82f25eeddec64651e4c2079f8a7661404549e26230ee4cd35633fda96af8f664ea0f05a68
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Loads dropped DLL
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-