General

  • Target

    2fffcf9006bbece13f1cadf731d27646_JaffaCakes118

  • Size

    396KB

  • Sample

    240510-tv8s5aef4x

  • MD5

    2fffcf9006bbece13f1cadf731d27646

  • SHA1

    ee3d6905811d90fb3f6018a2c3be347e7da5bf39

  • SHA256

    beda27db5bf346e15cfe39591090d852a539760c824cb28afb322098a4027961

  • SHA512

    e436fa7c756d3ff0534806a99ddebd2820bfdd9070af315f4c1fedb8398fa0c2ae5fe66b2b0944cb8af2c3737b9adf0eb8b801a7a7cc61978154eee0d6aed059

  • SSDEEP

    6144:IAvf9GGSIvvu8bQ4pnMiJQ/7qmaCy1d2tVGEwWhFtCQzfZbSImMlwAQ9dHZNxZE3:TGGNpnMiJQ/7qma58DVr399ad/PR3uf

Score
10/10

Malware Config

Extracted

Family

dridex

C2

104.131.41.185:443

178.62.75.204:1443

138.201.138.91:3389

62.75.191.14:3389

Targets

    • Target

      OSCE-CUR1202069986.vbs

    • Size

      2.2MB

    • MD5

      bafce37d28a61cc064beeb186de90d78

    • SHA1

      0d2bc349c0da8f5a92df71e9cb34d92b4bb6e70c

    • SHA256

      4a2e30d454a2c64df5eeea0a038d86dc0d230faf595efc7c9fc4773d083348a9

    • SHA512

      9044e58359b2e1c9ecaa04807b3332bd654a34426047f71494ac74ecec56915a1278ec8a5c7648aa873985af919012ada47943c0b3eed030b5adf06e02cad040

    • SSDEEP

      3072:opDhIAeifbWm7bDBuaQc1DAjTMTNoA5mky0S+/8Zi5XY+2h+/GOwmNLgR5btVVW7:oX8sBP0tmjoPJwbxYNWQcVZA2+vZ4qC

    Score
    10/10
    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL
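The extracted C2 list above and the "Process spawned unexpected child process" signature are the two things a defender can turn into a hunt straight away. The following is an added example (not part of this report or of the sandbox's own tooling) that runs both checks over Sysmon-style process-creation and network-connection events. The event field names (EventType, Image, ParentImage, DestinationIp, DestinationPort) are modelled on Sysmon but the dict schema is an assumption, the sample events are constructed, and the choice of rundll32.exe as the child process is illustrative, not something this report shows.

```python
"""Hunt over constructed Sysmon-style events using the IOCs from this Dridex report.

Two checks, mirroring the report's Malware Config and signature sections:
  1. an outbound connection to one of the extracted Dridex C2 endpoints;
  2. a Windows script host (wscript.exe / cscript.exe) spawning a child process,
     the behaviour behind 'Process spawned unexpected child process' for a .vbs lure.
"""
from typing import Dict, List, Set, Tuple

# C2 endpoints (ip, port) taken from the extracted config in this report.
DRIDEX_C2: Set[Tuple[str, int]] = {
    ("104.131.41.185", 443),
    ("178.62.75.204", 1443),
    ("138.201.138.91", 3389),
    ("62.75.191.14", 3389),
}

# Script hosts that should not normally launch other executables on a workstation.
SCRIPT_HOSTS: Set[str] = {"wscript.exe", "cscript.exe"}

# Children a script host may legitimately start for benign admin scripts; tune per fleet.
BENIGN_CHILDREN: Set[str] = set()

Event = Dict[str, str]
Alert = Tuple[str, str]  # (rule name, detail)


def image_name(path: str) -> str:
    """Return the lower-cased executable name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_c2(event: Event) -> List[Alert]:
    """Flag outbound connections whose (ip, port) matches an extracted C2 endpoint."""
    if event.get("EventType") != "NetworkConnect":
        return []
    endpoint = (event.get("DestinationIp", ""), int(event.get("DestinationPort", 0)))
    if endpoint in DRIDEX_C2:
        who = image_name(event.get("Image", ""))
        return [("dridex_c2_connect", f"{who} -> {endpoint[0]}:{endpoint[1]}")]
    return []


def check_script_host_child(event: Event) -> List[Alert]:
    """Flag a process whose parent is a script host (the .vbs dropper pattern)."""
    if event.get("EventType") != "ProcessCreate":
        return []
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    if parent in SCRIPT_HOSTS and child not in BENIGN_CHILDREN:
        return [("script_host_spawned_child", f"{parent} -> {child}")]
    return []


def hunt(events: List[Event]) -> List[Alert]:
    """Run every check over every event, in order, and collect the alerts."""
    alerts: List[Alert] = []
    for ev in events:
        alerts += check_c2(ev)
        alerts += check_script_host_child(ev)
    return alerts


# Constructed sample events (not taken from the sandbox run): explorer launching the
# script host is normal; the script host spawning rundll32 and rundll32 reaching a
# C2 endpoint are the two things we want to see flagged. 192.0.2.10 is TEST-NET.
SAMPLE_EVENTS: List[Event] = [
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\user\Downloads\OSCE-CUR1202069986.vbs"'},
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\rundll32.exe"},
    {"EventType": "NetworkConnect",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "178.62.75.204", "DestinationPort": "1443"},
    {"EventType": "NetworkConnect",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Two caveats when using this for real: IP:port indicators from a single sample's config age quickly, so pair them with the file hashes above and with the behavioural rule rather than relying on them alone; and the script-host rule will fire on legitimate logon or admin scripts until BENIGN_CHILDREN is tuned for the environment.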

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • System Information Discovery (T1082): 1

  • Query Registry (T1012): 1

Tasks