dridex | f840af54c53ff3e231e7da48ecace780f92c2c66c291a96d25e74737d7a2a99e | Triage

Submit
Reports

Overview

overview

Static

static

8

printouts ...1.xlsm

windows7_x64

printouts ...1.xlsm

windows10_x64

Sharing

General

Target

printouts of outstanding_as_of_01_20_2021.xlsm
Size

33KB
Sample

210120-lwckkz6fvn
MD5

acd2eac5bbcece32cac93280892829cd
SHA1

95c4411d37764f5a3817cfd80167d312b7de19e7
SHA256

f840af54c53ff3e231e7da48ecace780f92c2c66c291a96d25e74737d7a2a99e
SHA512

011621ecf7a9bea8f28e61df04d904e4b267fccdd87e05aa70bd6a3bd38711bff5e71eb1236b154d0652a0a905c682ca96413afa9dc0f0fee674c4a3ad06ee88

Score

10^/10

dridex 10444 botnet loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

printouts of outstanding_as_of_01_20_2021.xlsm

Resource

win7v20201028

dridex 10444 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

printouts of outstanding_as_of_01_20_2021.xlsm

Resource

win10v20201028

dridex 10444 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  printouts of outstanding_as_of_01_20_2021.xlsm
- Size
  
  33KB
- MD5
  
  acd2eac5bbcece32cac93280892829cd
- SHA1
  
  95c4411d37764f5a3817cfd80167d312b7de19e7
- SHA256
  
  f840af54c53ff3e231e7da48ecace780f92c2c66c291a96d25e74737d7a2a99e
- SHA512
  
  011621ecf7a9bea8f28e61df04d904e4b267fccdd87e05aa70bd6a3bd38711bff5e71eb1236b154d0652a0a905c682ca96413afa9dc0f0fee674c4a3ad06ee88
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetloader

behavioral2

dridex10444botnetloader

© 2018-2024

Terms | Privacy