dridex | 137bdd679664e951ea9c919cb447b64d6d24251c406350e78471c1d589f12706 | Triage

Submit
Reports

Overview

overview

Static

static

8

Report 290.xls

windows7_x64

Report 290.xls

windows10_x64

Sharing

General

Target

Report 290.xls
Size

730KB
Sample

210114-tdc452exa2
MD5

59539fde938ac6da898bd587f1850c96
SHA1

2fb5d4ffe1a88cffe59463ac2e7e3996574b1556
SHA256

137bdd679664e951ea9c919cb447b64d6d24251c406350e78471c1d589f12706
SHA512

2ba1a2c5063a7bdab49c4c4f54d637658fe627b4150e0878cdae469811d3a289b6ac07aa7fd7eb02b27ebb64c4e2461712be6b116bba41fdba1e042d1bd2c3b9

Score

10^/10

dridex 111 botnet loader macro macro_on_action ransomware

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

Report 290.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Report 290.xls

Resource

win10v20201028

dridex 111 botnet loader ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

rc4.plain

Targets

- Target
  
  Report 290.xls
- Size
  
  730KB
- MD5
  
  59539fde938ac6da898bd587f1850c96
- SHA1
  
  2fb5d4ffe1a88cffe59463ac2e7e3996574b1556
- SHA256
  
  137bdd679664e951ea9c919cb447b64d6d24251c406350e78471c1d589f12706
- SHA512
  
  2ba1a2c5063a7bdab49c4c4f54d637658fe627b4150e0878cdae469811d3a289b6ac07aa7fd7eb02b27ebb64c4e2461712be6b116bba41fdba1e042d1bd2c3b9
Score

10^/10

ransomware dridex 111 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

dridex111botnetloaderransomware

© 2018-2024

Terms | Privacy