Contact Us Get Support

IQ-FA002: Dridex XLSM Documents using 4.0 Macrosheets

Posted on 2020-05-11 by William MacArthur

Dridex XLSM Documents using 4.0 Macrosheets and bypassing vendors today.

The XLSM 4.0 Macrosheets technique can be further reviewed from our blog post from last week:: ZLoader 4.0 Macrosheets Evolution

Indicators

Date Observed Indicator Type Indicator                                                         Notes
5/11/2020     XLSM Document   ba6d52ced38594fd44ba6beb0bd50e5d83319b7a435958ed4c7dc33770561abd Dridex,4.0 Macrosheets
5/11/2020     Domain      geundik.com   A record 8.208.3.5
5/11/2020     Registrant    Robin Crume bre@thegroomingnetwork.com   No other domain names associated (yet)
5/11/2020     IP        8.208.3.5 AS45102 CN CNNIC-ALIBABA-US-NET
5/11/2020     Binary        4fae283ae2323e49f1a95871e773e3a2bfe54dc151cd7c11cbe41a36fd83bb14 One of many Binaries from this run
Tags

All Flash Alerts
This website stores cookies on your computer. These cookies are used to improve the usability of this website and provide more personalized experience for you, both on this website and through other websites. To find out more, see our Privacy Policy.
Accept