dridex | c7e6848fd63681514d6dad3032e358a257dde3aa1cd3b349306283356bca2608 | Triage

Submit
Reports

Overview

overview

Static

static

8

1_Total Ne...1.xlsm

windows7_x64

1_Total Ne...1.xlsm

windows10_x64

Sharing

General

Target

1_Total New Invoices-Thursday January 21_2021.xlsm
Size

33KB
Sample

210121-cme91ln2hn
MD5

a52a88ae97dd408d38d98c9aa7f81142
SHA1

234b65bc42a077c98c61a8eb4870d41e0039013e
SHA256

c7e6848fd63681514d6dad3032e358a257dde3aa1cd3b349306283356bca2608
SHA512

5e613f1db0e10dbdb14bc3b0f8ef7816f27a5de9f8fbb63c698e18695d0f6c7872c1e958aa122342b0cdd8d0dea70f1b23dae85ef9ae6ef893b69d30d903feab

Score

10^/10

dridex 10444 botnet loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

1_Total New Invoices-Thursday January 21_2021.xlsm

Resource

win7v20201028

dridex 10444 botnet loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1_Total New Invoices-Thursday January 21_2021.xlsm

Resource

win10v20201028

dridex 10444 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

dridex

Botnet

10444

C2

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

rc4.plain

Targets

- Target
  
  1_Total New Invoices-Thursday January 21_2021.xlsm
- Size
  
  33KB
- MD5
  
  a52a88ae97dd408d38d98c9aa7f81142
- SHA1
  
  234b65bc42a077c98c61a8eb4870d41e0039013e
- SHA256
  
  c7e6848fd63681514d6dad3032e358a257dde3aa1cd3b349306283356bca2608
- SHA512
  
  5e613f1db0e10dbdb14bc3b0f8ef7816f27a5de9f8fbb63c698e18695d0f6c7872c1e958aa122342b0cdd8d0dea70f1b23dae85ef9ae6ef893b69d30d903feab
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex10444botnetloader

behavioral2

dridex10444botnetloader

© 2018-2024

Terms | Privacy