Overview

overview

10

Static

static

8

bd59e42a9e...d7.xls

windows7_x64

10

bd59e42a9e...d7.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd59e42a9ee00ba415448c31190e57d7.xls

  • Size

    317KB

  • Sample

    210721-1scxd7d19a

  • MD5

    bd59e42a9ee00ba415448c31190e57d7

  • SHA1

    95bc249a25513514f1859b690fdcc41f7fb78bac

  • SHA256

    f4f0127923c4a1c69aab04516907fd4010f9af8302e132b972d053813577b18d

  • SHA512

    aad6ecac040ef20c61aee790155adc1937e426c3ef2240334516ed6be26c4688f764cec8cd0c051710ef35d261fc6b789d408bf6755e0714affce101603bfdca

Score
10/10
dridex22202botnetevasionloadermacrotrojan

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786
rc4.plain
rc4.plain

Targets

    • Target

      bd59e42a9ee00ba415448c31190e57d7.xls

    • Size

      317KB

    • MD5

      bd59e42a9ee00ba415448c31190e57d7

    • SHA1

      95bc249a25513514f1859b690fdcc41f7fb78bac

    • SHA256

      f4f0127923c4a1c69aab04516907fd4010f9af8302e132b972d053813577b18d

    • SHA512

      aad6ecac040ef20c61aee790155adc1937e426c3ef2240334516ed6be26c4688f764cec8cd0c051710ef35d261fc6b789d408bf6755e0714affce101603bfdca

    Score
    10/10
    dridex22202botnetevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks