General

  • Target

    export of document 342612.xlsm

  • Size

    83KB

  • Sample

    210505-mafeaz5vr6

  • MD5

    bff1d0bc3ea7daf787e62e14d7a87f2f

  • SHA1

    679615484ee10e8170ac96f1472e3a54ad2447f0

  • SHA256

    b1c932b82e70544a381a0a0ffe1116a71a0dbc1c2b3e5afd63d7ddd0507489ca

  • SHA512

    b09fc21d4cd1308967a8bb97a978af2e6ec3c75e21b2a5ba0ba3b5dbf557a2f1050c33c00fbb7b70cb56add7c5ef4a8a9553ecc32b20cfa7661718b6442d6b38

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.55.134.126:443

67.207.83.96:8172

193.160.214.95:4125

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64) in memory.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks