Tuesday, 24 November 2015

Dridex Macro Malware Summary

Here's a quick summary so far of the last 24 hours of Dridex Macro Malware and how Sanesecurity ClamAV (badmacro.ndb) detected them...



Blue and Red lines are Dridex Macros being blocked.

Now compare the above samples submitted within 5 minutes of them arriving... to VirusTotal
(as a simple guide to detection rates obviously):

detection: 6/54
https://www.virustotal.com/file/eedcabef646f97e4195f4ab5b6d52286be283af9bc09533707916b5c09c36df1/analysis/
--
detection: 6/53
https://www.virustotal.com/file/a1a2faf81e94c610da043931dc3dfc37f82052e531559fbd13205cb20b880428/analysis/
--
detection: 6/53
https://www.virustotal.com/file/bf428c6d82fed22d5fd2ad3623ea10317572f69301ecb0d891e322557e52512b/analysis/
--
detection: 6/54
https://www.virustotal.com/file/96b8d9fe171f1bcfec4455c6616e6bfe117b5f838750585401d2a8b78827e7d4/analysis/
--
detection: 5/55
https://www.virustotal.com/file/ce237587231a119c6924b78da78fc6e79e35af37818c20dc9bba09bf07016629/analysis/
--
detection: 7/53
https://www.virustotal.com/file/2db0ae3ad5f38c6ff39be773811c123278fd12a9954bfa0074d8da2d91d793af/analysis/
--
detection: 6/54
https://www.virustotal.com/file/6c632bc22749fae9e4c22d3fb365111ac3d31b74dcbf2bec2de96fe9a9f2cc80/analysis/
--
detection: 6/55
https://www.virustotal.com/file/4b2166b3affb04bcbe4c743b5cb932ff4e368f01d5d0bcbae0ba8e025cc38b24/analysis/
--
detection: 4/55
https://www.virustotal.com/file/1e472a0437b2c7a0e8d13100e1b0d1bbfb6585a6b3eed40f1368d48d1ebba7cf/analysis/
--
detection: 5/55
https://www.virustotal.com/file/bc40a1245751bc5dce50ec0b8a153fd47d84a817a3bd206aa9711e79a4c08f51/analysis/
--
detection: 6/55
https://www.virustotal.com/file/c73476f6d3a076c8c330ec84b12ea4c6b2b6a526e968af940bbf2ace57a7bce3/analysis/
--
detection: 5/56
https://www.virustotal.com/file/450d4118062fbd9f7d21e6225d68418b2b142e11d2421ea352d31baeab1b94c5/analysis/
--
detection: 6/56
https://www.virustotal.com/file/8f2ad887047b224900e7cfe4527d907d47b50d64fe507c95a031c6ee3ee58d81/analysis/
--
detection: 3/55
https://www.virustotal.com/file/dd512875c5fc3a1040b7aaf7493274ee66573c118e536f0863ff3dc888a2eeb5/analysis/
--
detection: 3/55
https://www.virustotal.com/file/44496278c26f794a59178c0aa07c8f71e783861c6b53c2ee0a5fbbdf549163a0/analysis/
--
detection: 3/56
https://www.virustotal.com/file/d4e2ce1ad86ab80f4995ca4b204607f5b47a4aa3601f1c0dba94c1c1969a4462/analysis/


Cheers,

Steve
Sanesecurity.com

No comments: