Overview

overview

10

Static

static

8

f70c0885e7...ad.xls

windows7_x64

10

f70c0885e7...ad.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f70c0885e76e57f37399d54b10f183ad

  • Size

    313KB

  • Sample

    210721-jjgz6n18te

  • MD5

    f70c0885e76e57f37399d54b10f183ad

  • SHA1

    20548e3304d242789766edfe7c8c7d4e9ccd5b25

  • SHA256

    b11c33ee5fd193e6548d14c2bde4865d30d6d5fd25135bc258cfd8595ae3695c

  • SHA512

    5724457de05561b7e54380c3e3157f0f102084699c04340969394b03f6767e0d99a5e3f2a03871483ae7a3a2822e46a923ac85f433fdbfc64a56e6d93a763f6b

Score
10/10
dridex22202botnetevasionloadermacrotrojan

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

178.238.236.59:443

104.245.52.73:5007

81.0.236.93:13786
rc4.plain
rc4.plain

Targets

    • Target

      f70c0885e76e57f37399d54b10f183ad

    • Size

      313KB

    • MD5

      f70c0885e76e57f37399d54b10f183ad

    • SHA1

      20548e3304d242789766edfe7c8c7d4e9ccd5b25

    • SHA256

      b11c33ee5fd193e6548d14c2bde4865d30d6d5fd25135bc258cfd8595ae3695c

    • SHA512

      5724457de05561b7e54380c3e3157f0f102084699c04340969394b03f6767e0d99a5e3f2a03871483ae7a3a2822e46a923ac85f433fdbfc64a56e6d93a763f6b

    Score
    10/10
    dridex22202botnetevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks