dridex

Resubmissions

27-10-2021 20:46

211027-zks8ksgdh6 10

27-10-2021 10:26

211027-mghw8abfh9 8

Sharing

Copy URL

Twitter E-mail

General

Target

Purchase_Order 8328.xls
Size

79KB
Sample

211027-zks8ksgdh6
MD5

18dd59051822628a3ecbbdc902888ca8
SHA1

df1745ee2b92e041128bf83242df6d6d32858231
SHA256

2f12b09b257e88b05b03eba2d3ec27d74ac6ab1144b7373058f1e87b3555b1f8
SHA512

5364687cafff4045f08e4f45eb9c12c2602fd0f9d99e46ce6fd68b2b8798d31047f1a285605872555aecc71a6167e0a8f3b7f51878d145a5b5ace47bacd573ed

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://newerabd.com/ebkc1m.rar

Extracted

Family

dridex

Botnet

10555

192.46.210.220:443

143.244.140.214:808

45.77.0.96:6891

185.56.219.47:8116

rc4.plain

Targets

- Target
  
  Purchase_Order 8328.xls
- Size
  
  79KB
- MD5
  
  18dd59051822628a3ecbbdc902888ca8
- SHA1
  
  df1745ee2b92e041128bf83242df6d6d32858231
- SHA256
  
  2f12b09b257e88b05b03eba2d3ec27d74ac6ab1144b7373058f1e87b3555b1f8
- SHA512
  
  5364687cafff4045f08e4f45eb9c12c2602fd0f9d99e46ce6fd68b2b8798d31047f1a285605872555aecc71a6167e0a8f3b7f51878d145a5b5ace47bacd573ed
Score

10^/10

dridex 10555 botnet
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Downloads MZ/PE file

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2