Overview

overview

10

Static

static

d6b765e0c2...aa.dll

windows7_x64

10

d6b765e0c2...aa.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d6b765e0c278fe4383427e864d9baf366cd2ce7895cf9d038aa29c15174e2caa

  • Size

    1.4MB

  • Sample

    211126-lerwnsbedp

  • MD5

    596b0cac5ca82de0f301f5ae4f72ec31

  • SHA1

    ef280c3f84f2aa68dac81b7c511a55d18035c644

  • SHA256

    d6b765e0c278fe4383427e864d9baf366cd2ce7895cf9d038aa29c15174e2caa

  • SHA512

    344a058bd165805bb442eb0ccd07a61349c0283a32ec502447c32a408dc17cf0a303422ffe3fb535fa80716584a8735eaca57adb67faf44ba52b966a007f6bcb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      d6b765e0c278fe4383427e864d9baf366cd2ce7895cf9d038aa29c15174e2caa

    • Size

      1.4MB

    • MD5

      596b0cac5ca82de0f301f5ae4f72ec31

    • SHA1

      ef280c3f84f2aa68dac81b7c511a55d18035c644

    • SHA256

      d6b765e0c278fe4383427e864d9baf366cd2ce7895cf9d038aa29c15174e2caa

    • SHA512

      344a058bd165805bb442eb0ccd07a61349c0283a32ec502447c32a408dc17cf0a303422ffe3fb535fa80716584a8735eaca57adb67faf44ba52b966a007f6bcb

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks