General
-
Target
Invoice(s)_for_Order_#071185.zip
-
Size
36KB
-
Sample
210315-e3j459wl46
-
MD5
e6a38e8aa8db583b253d73ac0828d07e
-
SHA1
eab11c26ce4dd629db6cf9e4ef6233ba054d1d91
-
SHA256
129254b6e88edb60155404db703d0897e2e3735d72108adf6fee16708812d5d9
-
SHA512
afeebef8bc9ab4bf0e27b268536a7cfe53bc7fbea32bf63ef61589f4b703a60cfc4f316019d2853b95061cbc6dc5e0a57c69bc0431b1739a266f99cd2b2da1c8
Malware Config
Extracted
dridex
10444
210.65.244.184:443
147.78.186.4:10051
62.75.168.152:6601
Targets
-
-
Target
Invoice(s) for Order _071185/071185_BOL.xlsm
-
Size
40KB
-
MD5
1573b4ec83ac67af060289a37896b0c9
-
SHA1
b95d31d6b268f4382c438ba8cdb2d6fae9e23572
-
SHA256
fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6
-
SHA512
925e02a2f062cf4732335b28765779973d6db9d89c52016326aef577b0e76ee07bb8beb386545f9551aa2e4c811f6d432c9dda90cfedc6e0ed72f042808fd3b9
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Loads dropped DLL
-