dridex | 4d13b0dda7b538ae90a79ac5bbb872f3aba6fd798c2900c4580bc59ae8623b1f | Triage

Submit
Reports

Overview

overview

Static

static

8

Inv 4529.xls

windows7_x64

Inv 4529.xls

windows10_x64

Sharing

General

Target

Inv 4529.xls
Size

793KB
Sample

210114-tvgx7zpg8s
MD5

8db799f159631efb77a2d8c7c0099399
SHA1

8f202b18d37b68a26d53a64cc6c4b7b127c6c94b
SHA256

4d13b0dda7b538ae90a79ac5bbb872f3aba6fd798c2900c4580bc59ae8623b1f
SHA512

78506c8a91f09a98f015462b3a88ee1c08552bb2a396a1103106a4b71438633a52a6315c50700c229e5775fb9b87f3201ccda9a9b7a4d67e906a5c6bc7ff3bcc

Score

10^/10

dridex 111 botnet loader macro macro_on_action ransomware

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

Inv 4529.xls

Resource

win7v20201028

dridex 111 botnet loader ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Inv 4529.xls

Resource

win10v20201028

dridex 111 botnet loader ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

111

C2

52.73.70.149:443

8.4.9.152:3786

185.246.87.202:3098

50.116.111.64:5353

rc4.plain

rc4.plain

Targets

- Target
  
  Inv 4529.xls
- Size
  
  793KB
- MD5
  
  8db799f159631efb77a2d8c7c0099399
- SHA1
  
  8f202b18d37b68a26d53a64cc6c4b7b127c6c94b
- SHA256
  
  4d13b0dda7b538ae90a79ac5bbb872f3aba6fd798c2900c4580bc59ae8623b1f
- SHA512
  
  78506c8a91f09a98f015462b3a88ee1c08552bb2a396a1103106a4b71438633a52a6315c50700c229e5775fb9b87f3201ccda9a9b7a4d67e906a5c6bc7ff3bcc
Score

10^/10

dridex 111 botnet loader ransomware
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

dridex111botnetloaderransomware

behavioral2

dridex111botnetloaderransomware

© 2018-2024

Terms | Privacy