Overview

overview

10

Static

static

1424567126...16.dll

windows7_x64

10

1424567126...16.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1424567126d25f416f5368a61891158af6cd71fcf72a337affedbaa0360db816

  • Size

    1.4MB

  • Sample

    211126-lerkxabedn

  • MD5

    68e9d541c4cd375f03051c96191ba135

  • SHA1

    8174c682609623084c550515d95dc25aca40db33

  • SHA256

    1424567126d25f416f5368a61891158af6cd71fcf72a337affedbaa0360db816

  • SHA512

    1b35f41092842370b49b46066c5e3325f51f24f00f96be2379c1107e1faf9620a3cfdf86d23511ddae9eb2d91e4171835cdc374d697ac4e32fa5d058bca03a86

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      1424567126d25f416f5368a61891158af6cd71fcf72a337affedbaa0360db816

    • Size

      1.4MB

    • MD5

      68e9d541c4cd375f03051c96191ba135

    • SHA1

      8174c682609623084c550515d95dc25aca40db33

    • SHA256

      1424567126d25f416f5368a61891158af6cd71fcf72a337affedbaa0360db816

    • SHA512

      1b35f41092842370b49b46066c5e3325f51f24f00f96be2379c1107e1faf9620a3cfdf86d23511ddae9eb2d91e4171835cdc374d697ac4e32fa5d058bca03a86

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks