dridex | e08fa4239a4c5ed68a5efd79953489da0ba5c3505c19888be83533dea837f99c | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice_020634.xlsm

windows7_x64

Invoice_020634.xlsm

windows10_x64

Sharing

General

Target

Invoice_020634.xlsm
Size

73KB
Sample

210727-n78zzy5wba
MD5

86a156d545f23e81be35433443bb6da2
SHA1

c5df03d08806f1faa990ea3a71ac447aecc7185c
SHA256

e08fa4239a4c5ed68a5efd79953489da0ba5c3505c19888be83533dea837f99c
SHA512

18f07926d0d8f59243824c19825c5b1c6e8589c40b13d780f280ae9279f186c05c8a48768301b68926086eb82803da923bfa154844a1af9ace0a2d0c0010bbd8

Score

10^/10

dridex 22201 botnet evasion loader macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice_020634.xlsm

Resource

win7v20210410

dridex 22201 botnet evasion loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice_020634.xlsm

Resource

win10v20210410

dridex 22201 botnet evasion loader trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

rc4.plain

Targets

- Target
  
  Invoice_020634.xlsm
- Size
  
  73KB
- MD5
  
  86a156d545f23e81be35433443bb6da2
- SHA1
  
  c5df03d08806f1faa990ea3a71ac447aecc7185c
- SHA256
  
  e08fa4239a4c5ed68a5efd79953489da0ba5c3505c19888be83533dea837f99c
- SHA512
  
  18f07926d0d8f59243824c19825c5b1c6e8589c40b13d780f280ae9279f186c05c8a48768301b68926086eb82803da923bfa154844a1af9ace0a2d0c0010bbd8
Score

10^/10

dridex 22201 botnet evasion loader trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridex22201botnetevasionloadertrojan

behavioral2

dridex22201botnetevasionloadertrojan

© 2018-2024

Terms | Privacy