dridex | 0b110be9ae7f5755dad4e964cd94566a0252586a000feb669c5dd75b2307b214 | Triage

Submit
Reports

Overview

overview

Static

static

8

Subconract_1541.xls

windows7_x64

Subconract_1541.xls

windows10_x64

Sharing

General

Target

Subconract_1541.xls
Size

805KB
Sample

210114-7jczrbyez6
MD5

90501b4eda1eaacd5773c77717050e51
SHA1

31a5e6dab54af69ff3991af5f3c2e8fc83daf975
SHA256

0b110be9ae7f5755dad4e964cd94566a0252586a000feb669c5dd75b2307b214
SHA512

dbc8a965d20aa95e9e3bfde5abcc274ef08b5210e5432f940ce2446a244b2eef19cb216bb4799537e39e6000b1083256cac7e64938a938fe09c6471fe557adf3

Score

10^/10

dridex 111 botnet loader macro macro_on_action ransomware

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

Subconract_1541.xls

Resource

win7v20201028

dridex 111 botnet loader ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Subconract_1541.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

rc4.plain

Targets

- Target
  
  Subconract_1541.xls
- Size
  
  805KB
- MD5
  
  90501b4eda1eaacd5773c77717050e51
- SHA1
  
  31a5e6dab54af69ff3991af5f3c2e8fc83daf975
- SHA256
  
  0b110be9ae7f5755dad4e964cd94566a0252586a000feb669c5dd75b2307b214
- SHA512
  
  dbc8a965d20aa95e9e3bfde5abcc274ef08b5210e5432f940ce2446a244b2eef19cb216bb4799537e39e6000b1083256cac7e64938a938fe09c6471fe557adf3
Score

10^/10

dridex 111 botnet loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

dridex111botnetloaderransomware

behavioral2

© 2018-2024

Terms | Privacy