General

  • Target

    89ce01b48872e3e3ba5e3bf4d454038b_JaffaCakes118

  • Size

    279KB

  • Sample

    240601-jrpwqsfd59

  • MD5

    89ce01b48872e3e3ba5e3bf4d454038b

  • SHA1

    b09ec6e311fdf687d546614614f7d2dcd9dfbdf1

  • SHA256

    e88507dff9780b9f04998c3fc6967f92b3d883c23235dbf452187254a9a8045a

  • SHA512

    dca80dec9bfe3d432f3c7e9d7ee27a988799deb4c898e4f3f7dfcf7748b4bb9a5f07b8c66ee113a708f8dc9e2a0fc21bd49e702e461f554707c14615be034df0

  • SSDEEP

    6144:3Wx24NjsWq19edlEBRTYJj5oESyP9Q7BenKw8BweW/O28vhJnXqEQlsxm:GM4NjsWq1TIj5syGEQpWd8JJnXqEQ1

Score
10/10

Malware Config

Extracted

Family

dridex

C2

89.32.150.160:3389

152.46.8.148:884

69.55.238.203:3389

Targets

    • Target

      Agreement CA8292019D4501.vbs

    • Size

      795KB

    • MD5

      c877524243319a178f38671c3a33eaaf

    • SHA1

      f5da68a8d5ef7b3fab82e19a8b4c1118c9a109bd

    • SHA256

      9e65f5319d3c64a0db0a6c39b4d7be40f98f607c3fb3e5c50d7acc337d2ed4bc

    • SHA512

      1f84f9ce971883ac44c41fbfd8bc6e5dd8c987dde594844c0b46613fcc4b74583fefb2d5ff09d7510993bd3502830dc8d9b34ad33a6677fa6a2200cabdb0ee1c

    • SSDEEP

      24576:YmKQH76xpqoeAehhxyWgePLlN4dLQwClvxya8Hc6vP3v3EfvPWFkv6j:xexpqcehhxyXwLl+9

    Score
    10/10
    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

    • Executes dropped EXE
