General
-
Target
SpaceX Starbase Invite.xlsm
-
Size
242KB
-
Sample
210308-es3p5p9a5j
-
MD5
b46aa5f81d293bc7791a720b6447d01f
-
SHA1
a8ab19110c407b6e04e460fa8bc33685868a026d
-
SHA256
2355f05bca712ce31b1fef911395862eb34e73db7a3ca0a6bee2664024e47518
-
SHA512
8c3b80ff99948aa1f67ed9b6a9c5b2b1225b9246b71b7a8f97661bd054339f67e82aa7f118fed8462ce20ff1a58d9f07cb07c91f1220ac48d8fd1502f1be1e93
Malware Config
Extracted
dridex
111
77.220.64.135:443
107.180.90.10:6601
31.24.158.56:7275
Targets
-
-
Target
SpaceX Starbase Invite.xlsm
-
Size
242KB
-
MD5
b46aa5f81d293bc7791a720b6447d01f
-
SHA1
a8ab19110c407b6e04e460fa8bc33685868a026d
-
SHA256
2355f05bca712ce31b1fef911395862eb34e73db7a3ca0a6bee2664024e47518
-
SHA512
8c3b80ff99948aa1f67ed9b6a9c5b2b1225b9246b71b7a8f97661bd054339f67e82aa7f118fed8462ce20ff1a58d9f07cb07c91f1220ac48d8fd1502f1be1e93
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks whether UAC is enabled
-