Overview

overview

10

Static

static

4e16c71795...35.dll

windows7_x64

10

4e16c71795...35.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e16c7179564c280431462f14d51eb4da50bbc1524b4961b289a0ad0fb96ed35

  • Size

    1.4MB

  • Sample

    211126-ld769segc5

  • MD5

    ec7196719cd7072437a15963ec474858

  • SHA1

    371c3f1ace0a466b1da2ea4773966c3762602c72

  • SHA256

    4e16c7179564c280431462f14d51eb4da50bbc1524b4961b289a0ad0fb96ed35

  • SHA512

    e398d4295a42f215a1adce34107b5111df0c4b66b891b714ee572c6863921ed904b96c6873f143c3ae7ba9c6a5351a0e50a7d1834ae19d149ed8b95a86b1fa32

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      4e16c7179564c280431462f14d51eb4da50bbc1524b4961b289a0ad0fb96ed35

    • Size

      1.4MB

    • MD5

      ec7196719cd7072437a15963ec474858

    • SHA1

      371c3f1ace0a466b1da2ea4773966c3762602c72

    • SHA256

      4e16c7179564c280431462f14d51eb4da50bbc1524b4961b289a0ad0fb96ed35

    • SHA512

      e398d4295a42f215a1adce34107b5111df0c4b66b891b714ee572c6863921ed904b96c6873f143c3ae7ba9c6a5351a0e50a7d1834ae19d149ed8b95a86b1fa32

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks