dridex | 08a4f7ec8149e54ab39741f32f4f877257c5bc3cb1473b7cca0c86b58f0abcf2 | Triage

Submit
Reports

Overview

overview

Static

static

8

Detailed 079.xls

windows7_x64

Detailed 079.xls

windows10_x64

Sharing

General

Target

Detailed 079.xls
Size

700KB
Sample

210114-m2673k9s5j
MD5

f701a2158fc4a868d23a084343462fd0
SHA1

ebe1522c21f37590b6e2f2b7a04a79fd52de028f
SHA256

08a4f7ec8149e54ab39741f32f4f877257c5bc3cb1473b7cca0c86b58f0abcf2
SHA512

bcdd7fc4652d5f272480f92b974f3130b72af0923cc0c4299fcb8c2d0fc4acc4b232a0aeff130db902928ba82810804ff894149bfd74de1283e76554fd60f4f0

Score

10^/10

dridex 111 botnet loader macro macro_on_action ransomware

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

Detailed 079.xls

Resource

win7v20201028

dridex 111 botnet loader ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Detailed 079.xls

Resource

win10v20201028

dridex 111 botnet loader ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

rc4.plain

Targets

- Target
  
  Detailed 079.xls
- Size
  
  700KB
- MD5
  
  f701a2158fc4a868d23a084343462fd0
- SHA1
  
  ebe1522c21f37590b6e2f2b7a04a79fd52de028f
- SHA256
  
  08a4f7ec8149e54ab39741f32f4f877257c5bc3cb1473b7cca0c86b58f0abcf2
- SHA512
  
  bcdd7fc4652d5f272480f92b974f3130b72af0923cc0c4299fcb8c2d0fc4acc4b232a0aeff130db902928ba82810804ff894149bfd74de1283e76554fd60f4f0
Score

10^/10

dridex 111 botnet loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

dridex111botnetloaderransomware

behavioral2

dridex111botnetloaderransomware

© 2018-2024

Terms | Privacy