Extracted

• • Target

    Invoice_9825272.xls

  • Size

    662KB

  • MD5

    605cc856a08688ba0aa58eb1f9ccf243

  • SHA1

    a304e85596719629d143441776e4af648497cfb3

  • SHA256

    9c71e9175ffedd1b7ed1a4f2fdd8c18e039ac47835c57d9afcb2749a9418875b

  • SHA512

    09c14899c7286e5a64f910fbc5bc40062143b676f334deff69f20367ebef1bd9fb64bec6d59068338b969dfdb5805347a02aeaf42a70af30280b803a3e04c9aa

  Score

  10^/10

  dridex22201botnetevasionloadertrojan

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Dridex Loader

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2