General

  • Target

    Fax 740.xls

  • Size

    886KB

  • Sample

    210114-k1dgpz4svx

  • MD5

    d7213d92bb25a6163ab3b79ba75f95a0

  • SHA1

    9e7d2f00b517a32d2f69ac0c41e48d09507abf5b

  • SHA256

    2f34e34033c25325694ee6e100e8b2c0deff78d0527acd72ebc598048ba74fe5

  • SHA512

    c57e459822b1463ed646824f74371ec518d09a710f41bc1022657794ec65a1eea2d404267543c076cd5e740d1e79238ddf43a3ed63463d7f7bf22e76de34d0a5

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

Targets

    • Target

      Fax 740.xls


    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64, in memory.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • JavaScript code in executable

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

    • Modify Registry (T1112): 2

    • Install Root Certificate (T1130): 1

Discovery

    • System Information Discovery (T1082): 3

    • Query Registry (T1012): 2

Tasks