dridex | 86f53c137a1123fb819fd6595d67495d145ca2441634b4360a37cb313eacb454 | Triage

Sharing

General

Target

Dridex.7z
Size

836KB
Sample

210415-fjr7qjb2zj
MD5

c0f7f4229217e96ecfff0c77af564337
SHA1

b9879182331c086a5d3fee68dfb403c6d6cfedb5
SHA256

86f53c137a1123fb819fd6595d67495d145ca2441634b4360a37cb313eacb454
SHA512

0b42878f19e17b2253572dcd89e5fa3599694289c25a89fe44bf113d4a8e7401369f028bc0d27b50111d1079105cadc407c165d0c667efa2b3bd99c13dabc747

Score

10^/10

dridex botnet loader persistence

Malware Config

Targets

- Target
  
  Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
- Size
  
  148KB
- MD5
  
  9d75ff0e9447ceb89c90cca24a1dbec1
- SHA1
  
  ebae1054d69619e9e70c9b2e806edb9000d7feb9
- SHA256
  
  f2b33edb7efa853eb7f11cb8259243238e220fdc0bfc6987835ba1b12c4af1eb
- SHA512
  
  6df94dbe3681c1cb572d63e54a6753b3bae7075b86507f33f152795c6e61f1feac6742986d7c72a2834f28c85d0a1890bb31b5888b98b29754300dceb63e210d
Score

10^/10

dridex botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Deletes itself
behavioral1 behavioral2
- Target
  
  Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
- Size
  
  140KB
- MD5
  
  925da3a10f7dde802c8d87047b14fda6
- SHA1
  
  1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68
- SHA256
  
  c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10
- SHA512
  
  82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478
Score

10^/10

dridex botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Deletes itself
behavioral3 behavioral4
- Target
  
  Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
- Size
  
  212KB
- MD5
  
  c26203af4b3e9c81a9e634178b603601
- SHA1
  
  5e41cbc4d7a1afdf05f441086c2caf45a44bac9e
- SHA256
  
  7b8fc6e62ef39770587a056af9709cb38f052aad5d815f808346494b7a3d00c5
- SHA512
  
  bb5aeb995d7b9b2b532812be0da4644db5f3d22635c37d7154ba39691f3561da574597618e7359b9a45b3bb906ec0b8b0104cbc05689455c952e995759e188b6
Score

10^/10

dridex botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Deletes itself
behavioral5 behavioral6
- Target
  
  Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da
- Size
  
  132KB
- MD5
  
  dbf96ab40b728c12951d317642fbd9da
- SHA1
  
  38687e06f4f66a6a661b94aaf4e73d0012dfb8e3
- SHA256
  
  daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced
- SHA512
  
  a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381
Score

10^/10

dridex botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Deletes itself
behavioral7 behavioral8
- Target
  
  Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
- Size
  
  152KB
- MD5
  
  6164228ed2cc0eceba9ce1828d87d827
- SHA1
  
  cea5bc473c948a78ce565b6e195e6e25f029c0c6
- SHA256
  
  7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
- SHA512
  
  b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37
Score

10^/10

dridex botnet loader
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Deletes itself
behavioral9 behavioral10
- Target
  
  Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
- Size
  
  628KB
- MD5
  
  97a26d9e3598fea2e1715c6c77b645c2
- SHA1
  
  c4bf3a00c9223201aa11178d0f0b53c761a551c4
- SHA256
  
  e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f
- SHA512
  
  acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c
Score

10^/10

dridex botnet loader persistence
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Loader
  Detects Dridex both x86 and x64 loader in memory.
  botnet loader
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetloader

behavioral2

behavioral3

dridexbotnetloader

behavioral4

dridexbotnetloader

behavioral5

dridexbotnetloader

behavioral6

dridexbotnetloader

behavioral7

dridexbotnetloader

behavioral8

dridexbotnetloader

behavioral9

dridexbotnetloader

behavioral10

dridexbotnetloader

behavioral11

dridexbotnetloaderpersistence

behavioral12

dridexbotnetloaderpersistence