Overview

overview

10

Static

static

93394d6e_b...is.dll

windows7_x64

10

93394d6e_b...is.dll

windows10_x64

10

Resubmissions

28-05-2021 05:59

210528-mj2qwc9z3x 10

19-05-2021 14:41

210519-khtrssqv6a 10

10-05-2021 18:06

210510-ncy7w9kqte 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93394d6e_by_Libranalysis

  • Size

    588KB

  • Sample

    210510-ncy7w9kqte

  • MD5

    93394d6e0ea894922267955095fabbc9

  • SHA1

    38ac582b64fb09f212aceddf5e3cc13946c69985

  • SHA256

    7f0f199833687549249b22ec50bbcb234d2ad2b8da993a6cbc86db8a53236530

  • SHA512

    aceecbcccd6fe48586d695b0ef04d7d0b998069dbb6545dc9ca96045f896281663027cf048ce2d0f27d0e2990f03c1f592322bfa9bc9776f153d07c6993cc8e7

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      93394d6e_by_Libranalysis

    • Size

      588KB

    • MD5

      93394d6e0ea894922267955095fabbc9

    • SHA1

      38ac582b64fb09f212aceddf5e3cc13946c69985

    • SHA256

      7f0f199833687549249b22ec50bbcb234d2ad2b8da993a6cbc86db8a53236530

    • SHA512

      aceecbcccd6fe48586d695b0ef04d7d0b998069dbb6545dc9ca96045f896281663027cf048ce2d0f27d0e2990f03c1f592322bfa9bc9776f153d07c6993cc8e7

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks