dridex | 1be3b8b888ba3b946304bd262319fa5fca0f8d41bde9850842e978a4fdcef808 | Triage

Submit
Reports

Overview

overview

Static

static

8

fd2cc0c858...6.xlsm

windows7_x64

1

fd2cc0c858...6.xlsm

windows10_x64

Sharing

General

Target

fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.zip
Size

36KB
Sample

210315-18a3nnhew2
MD5

3c0c3aa7d3088acb2825410e2c58cf3f
SHA1

af4bdfd2459a0a51de1dd68300832018be8637d0
SHA256

1be3b8b888ba3b946304bd262319fa5fca0f8d41bde9850842e978a4fdcef808
SHA512

632bbae02aebabb11474614488f36095ef425bb3162e87e6282835a45142149c26c7037b43bf7534df1ca877ac22d4ebff4483445841096269ccd590fd1726f8

Score

10^/10

dridex 10444 botnet loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.xlsm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.xlsm

Resource

win10v20201028

dridex 10444 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

210.65.244.184:443

147.78.186.4:10051

62.75.168.152:6601

rc4.plain

rc4.plain

Targets

- Target
  
  fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.xlsm
- Size
  
  40KB
- MD5
  
  1573b4ec83ac67af060289a37896b0c9
- SHA1
  
  b95d31d6b268f4382c438ba8cdb2d6fae9e23572
- SHA256
  
  fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6
- SHA512
  
  925e02a2f062cf4732335b28765779973d6db9d89c52016326aef577b0e76ee07bb8beb386545f9551aa2e4c811f6d432c9dda90cfedc6e0ed72f042808fd3b9
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dridex10444botnetloader

© 2018-2024

Terms | Privacy