Overview

overview

10

Static

static

dridex_mai...in.dll

windows7_x64

10

dridex_mai...in.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dridex_main_500545c9760bd316dd59f99cfcc62532ffa929d62e0fdb062ab096f828ab31bc.bin

  • Size

    604KB

  • Sample

    210419-a84qry235s

  • MD5

    82f65be4ff7e40974bea265c524ddfd9

  • SHA1

    b044b52058c3cde173a06811262913c31f0af3e1

  • SHA256

    500545c9760bd316dd59f99cfcc62532ffa929d62e0fdb062ab096f828ab31bc

  • SHA512

    b0b6e9cb0192f78f42ec6da160a0e070d4b2c6e83f309b6267697f75dd9c484cbaa95ac76ec656d457801482e3372d4cdfdb80260a77dba31aa9ade58de1784c

Score
10/10
dridexbotnetevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      dridex_main_500545c9760bd316dd59f99cfcc62532ffa929d62e0fdb062ab096f828ab31bc.bin

    • Size

      604KB

    • MD5

      82f65be4ff7e40974bea265c524ddfd9

    • SHA1

      b044b52058c3cde173a06811262913c31f0af3e1

    • SHA256

      500545c9760bd316dd59f99cfcc62532ffa929d62e0fdb062ab096f828ab31bc

    • SHA512

      b0b6e9cb0192f78f42ec6da160a0e070d4b2c6e83f309b6267697f75dd9c484cbaa95ac76ec656d457801482e3372d4cdfdb80260a77dba31aa9ade58de1784c

    Score
    10/10
    dridexbotnetevasionloaderpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks