dridex | 4840443a33395062157663a7c4867ee0fcf045db025470b700da29fba3ef65d9 | Triage

Submit
Reports

Overview

overview

Static

static

8

Statement ...1.xlsm

windows7_x64

Statement ...1.xlsm

windows10_x64

Sharing

General

Target

Statement of Account as of_01_20_2021.xlsm
Size

33KB
Sample

210120-4wfk4h8c56
MD5

246c352d27fb02c6daf4bb28647b285f
SHA1

d89273f381711142b75bbb495a876a636b674050
SHA256

4840443a33395062157663a7c4867ee0fcf045db025470b700da29fba3ef65d9
SHA512

abff3849ebd2c7d0de84734cedb9c4c14868db8d9cb2cff03e3bb4a08d69987304dcab26788b8da522d862c4aaa23ea2c641249167f47d9d57892d9f293bd4b8

Score

10^/10

dridex 10444 botnet loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Statement of Account as of_01_20_2021.xlsm

Resource

win7v20201028

dridex 10444 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Statement of Account as of_01_20_2021.xlsm

Resource

win10v20201028

dridex 10444 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  Statement of Account as of_01_20_2021.xlsm
- Size
  
  33KB
- MD5
  
  246c352d27fb02c6daf4bb28647b285f
- SHA1
  
  d89273f381711142b75bbb495a876a636b674050
- SHA256
  
  4840443a33395062157663a7c4867ee0fcf045db025470b700da29fba3ef65d9
- SHA512
  
  abff3849ebd2c7d0de84734cedb9c4c14868db8d9cb2cff03e3bb4a08d69987304dcab26788b8da522d862c4aaa23ea2c641249167f47d9d57892d9f293bd4b8
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetloader

behavioral2

dridex10444botnetloader

© 2018-2024

Terms | Privacy