dridex | 0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd | Triage

Submit
Reports

Overview

overview

Static

static

0592a33cc1...dd.dll

windows7_x64

0592a33cc1...dd.dll

windows10_x64

Sharing

General

Target

0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd
Size

836KB
Sample

210930-metkyahdcl
MD5

d6228d6a72e085f10e54d6f9ed711164
SHA1

b6b5ef6660ce46e8504ab74d3ffe2bfdfb661ea8
SHA256

0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd
SHA512

d8706f52d9fcdd393cf0e50e4d7b350d562520dd2524285923afc67b4b8e0356cb13c4616ca7d1bc1e7f5a3ccb1229051343cafffb48ccd30d5f0b5139556d3c

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd.dll

Resource

win7v20210408

dridex botnet evasion payload persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd.dll

Resource

win10-en-20210920

dridex botnet evasion payload persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd
- Size
  
  836KB
- MD5
  
  d6228d6a72e085f10e54d6f9ed711164
- SHA1
  
  b6b5ef6660ce46e8504ab74d3ffe2bfdfb661ea8
- SHA256
  
  0592a33cc1d10ff6498f3f4390794960799f6fbf8868036a65f3d285163967dd
- SHA512
  
  d8706f52d9fcdd393cf0e50e4d7b350d562520dd2524285923afc67b4b8e0356cb13c4616ca7d1bc1e7f5a3ccb1229051343cafffb48ccd30d5f0b5139556d3c
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy