General

  • Target

    sample20210315-01.xlsm

  • Size

    40KB

  • Sample

    210315-h1647bcb72

  • MD5

    1573b4ec83ac67af060289a37896b0c9

  • SHA1

    b95d31d6b268f4382c438ba8cdb2d6fae9e23572

  • SHA256

    fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6

  • SHA512

    925e02a2f062cf4732335b28765779973d6db9d89c52016326aef577b0e76ee07bb8beb386545f9551aa2e4c811f6d432c9dda90cfedc6e0ed72f042808fd3b9

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

210.65.244.184:443

147.78.186.4:10051

62.75.168.152:6601

rc4.plain

Targets

    • Target

      sample20210315-01.xlsm

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks