General
-
Target
Inv9948939619.xlsm
-
Size
33KB
-
Sample
210311-15zt6e34kx
-
MD5
f685aa869cf29499b615dff5c4b5f9f8
-
SHA1
2d461fa264897b3edb0e5d79b5e7d76c2c5b62c6
-
SHA256
7c2dce53d23d62b45470c002311761fc35f78d2af8b0052dcdd0362206d986fa
-
SHA512
cdd8b60b0677fb024a546a0739e30c479ba0a58f8a48e47dc4103e24d8e835c99275230fabab3e1e921f83caf39afc305b998120c936d474a9789fd1e55c6868
Malware Config
Extracted
Extracted
dridex
10444
210.65.244.166:443
178.33.183.53:7443
157.7.139.198:6601
Targets
-
-
Target
Inv9948939619.xlsm
-
Size
33KB
-
MD5
f685aa869cf29499b615dff5c4b5f9f8
-
SHA1
2d461fa264897b3edb0e5d79b5e7d76c2c5b62c6
-
SHA256
7c2dce53d23d62b45470c002311761fc35f78d2af8b0052dcdd0362206d986fa
-
SHA512
cdd8b60b0677fb024a546a0739e30c479ba0a58f8a48e47dc4103e24d8e835c99275230fabab3e1e921f83caf39afc305b998120c936d474a9789fd1e55c6868
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Loads dropped DLL
-