dridex | 09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772 | Triage

Submit
Reports

Overview

overview

Static

static

8

Statement ...1.xlsm

windows7_x64

Statement ...1.xlsm

windows10_x64

Sharing

General

Target

Statement of Account as of 01_20_2021.xlsm
Size

37KB
Sample

210120-c64wvt9m1s
MD5

28e9c78dcffb4a80c7bcfcd818791940
SHA1

0f239865c9e2bdd64d2017c7d26cac19dc7d3cde
SHA256

09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772
SHA512

082d84c5d6b4442f0c6d10231c0368e74906a62348aaf7bb070a602695f9420abc3aa2cce28dfeaaaae784ba7e96a8008ab9e9d5bd6f2a5dfb591e8c8f5729fc

Score

10^/10

dridex 10444 botnet loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Statement of Account as of 01_20_2021.xlsm

Resource

win7v20201028

dridex 10444 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Statement of Account as of 01_20_2021.xlsm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  Statement of Account as of 01_20_2021.xlsm
- Size
  
  37KB
- MD5
  
  28e9c78dcffb4a80c7bcfcd818791940
- SHA1
  
  0f239865c9e2bdd64d2017c7d26cac19dc7d3cde
- SHA256
  
  09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772
- SHA512
  
  082d84c5d6b4442f0c6d10231c0368e74906a62348aaf7bb070a602695f9420abc3aa2cce28dfeaaaae784ba7e96a8008ab9e9d5bd6f2a5dfb591e8c8f5729fc
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetloader

behavioral2

© 2018-2024

Terms | Privacy