General

  • Target

    f70346d437f79aed8085934da8051603.xls

  • Size

    660KB

  • Sample

    210721-h9fjcxjdc2

  • MD5

    f70346d437f79aed8085934da8051603

  • SHA1

    6293138e17910fe92b1a5094cd3c5489fd328360

  • SHA256

    c7ee52bed09b62343a0a239526ff58285cd2d67ff2b598455b32c7e8721e559d

  • SHA512

    caff8eabe4d2848781b6ec04b8661b76d9d9c25a055d816aa2bbac7bac91e76ae3fab084d867502019a6d59e58181908a3eacb71bbeb75d9ff369ca09e3df4d6

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786

rc4.plain

Targets

    • Target

      f70346d437f79aed8085934da8051603.xls

    • Size

      660KB

    • MD5

      f70346d437f79aed8085934da8051603

    • SHA1

      6293138e17910fe92b1a5094cd3c5489fd328360

    • SHA256

      c7ee52bed09b62343a0a239526ff58285cd2d67ff2b598455b32c7e8721e559d

    • SHA512

      caff8eabe4d2848781b6ec04b8661b76d9d9c25a055d816aa2bbac7bac91e76ae3fab084d867502019a6d59e58181908a3eacb71bbeb75d9ff369ca09e3df4d6

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64 builds) in memory.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks