General

  • Target

    Notification_30123.xls

  • Size

    712KB

  • Sample

    210114-dqqw63sv6x

  • MD5

    b85ecc80652b17815971cc13eb057e54

  • SHA1

    dd8a1d3ecc7a27d39aaf60c438ef8374a3afe887

  • SHA256

    f3c837323c135a7d7ed9d03f856c81463abb80174211117f4bda193a55f1b78e

  • SHA512

    f87ccacc2f3792c33466ee49fc3a918f4589251abd5eb511778f0da8fc3bdfc373579c01d816cb19ff5b1aa0272d7291f2c1eb6498d065b2f8573231bf1c7003

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • JavaScript code in executable

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  Defense Evasion

    • Modify Registry (T1112): 2

    • Install Root Certificate (T1130): 1

  Discovery

    • System Information Discovery (T1082): 3

    • Query Registry (T1012): 2

Tasks