Overview

overview

10

Static

static

c876113220...94.dll

windows7_x64

10

c876113220...94.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c876113220b534ba1da612f3ca0eb30a735548a20e6b70b5bf547bc7ce3e1794

  • Size

    1.5MB

  • Sample

    211126-ld769segc4

  • MD5

    9b7b23ecfe0f8461fd0d9a7e5e590e31

  • SHA1

    616a00949db4ce3fb3e13ddfda0f288ad39d2877

  • SHA256

    c876113220b534ba1da612f3ca0eb30a735548a20e6b70b5bf547bc7ce3e1794

  • SHA512

    1f715cf068481951a697caa17ed94ddf3afec21186de5674d4d138a2ae8635e8f5879053fca0ec99bf33169737d8298146f000702a900487a8c5f45d5bc53875

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      c876113220b534ba1da612f3ca0eb30a735548a20e6b70b5bf547bc7ce3e1794

    • Size

      1.5MB

    • MD5

      9b7b23ecfe0f8461fd0d9a7e5e590e31

    • SHA1

      616a00949db4ce3fb3e13ddfda0f288ad39d2877

    • SHA256

      c876113220b534ba1da612f3ca0eb30a735548a20e6b70b5bf547bc7ce3e1794

    • SHA512

      1f715cf068481951a697caa17ed94ddf3afec21186de5674d4d138a2ae8635e8f5879053fca0ec99bf33169737d8298146f000702a900487a8c5f45d5bc53875

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks