dridex | 6e4dd80fc7a0b4a9ccb96d35ea609227f1e89274b3836f424d9ecbb43791c75d | Triage

Submit
Reports

Overview

overview

Static

static

8

INV3853544...5.xlsm

windows7_x64

1

INV3853544...5.xlsm

windows10_x64

Sharing

General

Target

INV3853544448-20210315515345.xlsm
Size

40KB
Sample

210315-7l5y58b1ya
MD5

fbdc93eba3d85daa84b15b534d01ad86
SHA1

b60035635c6dabd34f35ed5729df7ada641d51d3
SHA256

6e4dd80fc7a0b4a9ccb96d35ea609227f1e89274b3836f424d9ecbb43791c75d
SHA512

5b777f564c35d04de6faae13993fdad2f6ec2a95c4922488cd47e752b7643f0ea74f43693c8944ba4544fc4eaa4b87fd7196a1c9996c8fd21d166c4f14258a3a

Score

10^/10

dridex 10444 botnet loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

INV3853544448-20210315515345.xlsm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV3853544448-20210315515345.xlsm

Resource

win10v20201028

dridex 10444 botnet loader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

210.65.244.184:443

147.78.186.4:10051

62.75.168.152:6601

rc4.plain

rc4.plain

Targets

- Target
  
  INV3853544448-20210315515345.xlsm
- Size
  
  40KB
- MD5
  
  fbdc93eba3d85daa84b15b534d01ad86
- SHA1
  
  b60035635c6dabd34f35ed5729df7ada641d51d3
- SHA256
  
  6e4dd80fc7a0b4a9ccb96d35ea609227f1e89274b3836f424d9ecbb43791c75d
- SHA512
  
  5b777f564c35d04de6faae13993fdad2f6ec2a95c4922488cd47e752b7643f0ea74f43693c8944ba4544fc4eaa4b87fd7196a1c9996c8fd21d166c4f14258a3a
Score

10^/10

dridex 10444 botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dridex10444botnetloader

© 2018-2024

Terms | Privacy