dridex | 297fa628e174f62edfc8ecf1e4ec79d8f177fe89308a0c04a0b55693af0a776f | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice_3326809.xlsm

windows7_x64

Invoice_3326809.xlsm

windows10_x64

Sharing

General

Target

Invoice_3326809.xlsm
Size

332KB
Sample

210727-gdh6t3ed8n
MD5

86c63e5a375f54c79cfa007828400a5d
SHA1

858168c7285d60d905470d70c32962a1367ea947
SHA256

297fa628e174f62edfc8ecf1e4ec79d8f177fe89308a0c04a0b55693af0a776f
SHA512

39c357bef2f317080dc115803d211a1d8294360a7002e38a8e7d7a5cd86d2b3c0d6faaa9535e2c5787dfc00b7e450ee03e3b3f259e0dd95e196a850a16d45f79

Score

10^/10

dridex 22202 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice_3326809.xlsm

Resource

win7v20210408

dridex 22202 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice_3326809.xlsm

Resource

win10v20210410

dridex 22202 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  Invoice_3326809.xlsm
- Size
  
  332KB
- MD5
  
  86c63e5a375f54c79cfa007828400a5d
- SHA1
  
  858168c7285d60d905470d70c32962a1367ea947
- SHA256
  
  297fa628e174f62edfc8ecf1e4ec79d8f177fe89308a0c04a0b55693af0a776f
- SHA512
  
  39c357bef2f317080dc115803d211a1d8294360a7002e38a8e7d7a5cd86d2b3c0d6faaa9535e2c5787dfc00b7e450ee03e3b3f259e0dd95e196a850a16d45f79
Score

10^/10

dridex 22202 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22202botnetevasionloadertrojan

behavioral2

dridex22202botnetevasionloadertrojan

© 2018-2024

Terms | Privacy