General
-
Target
Invoice_115952(1).xlsm
-
Size
328KB
-
Sample
210727-nq5tg5rzmx
-
MD5
4dfc77e45068635df70a32fd5bcdeb01
-
SHA1
01e6f96db1fc9adfb6ef49beed0abaf6a12eab3a
-
SHA256
cdc866753e7d7865e67e31047a60468f6c7eb80290df4c4e16d3697eb8db12b6
-
SHA512
ab835a2bfe72e82dafd3abb27521484c901f94114c493bcd47b7e295a6ccffb67cb2aeab9ee892d6b9dee46e17cf77b57080ed173d9e17dd893cb4ef72607ce0
Malware Config
Extracted
dridex
22202
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
-
-
Target
Invoice_115952(1).xlsm
-
Size
328KB
-
MD5
4dfc77e45068635df70a32fd5bcdeb01
-
SHA1
01e6f96db1fc9adfb6ef49beed0abaf6a12eab3a
-
SHA256
cdc866753e7d7865e67e31047a60468f6c7eb80290df4c4e16d3697eb8db12b6
-
SHA512
ab835a2bfe72e82dafd3abb27521484c901f94114c493bcd47b7e295a6ccffb67cb2aeab9ee892d6b9dee46e17cf77b57080ed173d9e17dd893cb4ef72607ce0
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Dridex Loader
Detects Dridex both x86 and x64 loader in memory.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Checks whether UAC is enabled
-