Overview

overview

10

Static

static

3b855a23e9...8e.dll

windows7_x64

10

3b855a23e9...8e.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b855a23e994dea8c214afcbb01123d1317ec701166de6b77d8b3f0c1125698e

  • Size

    1.4MB

  • Sample

    211126-lerwnsegd5

  • MD5

    d69796752faea68d9010a9671045e0b9

  • SHA1

    1e24007994f3d530bbf2fb05ecd42e9c4b40a63e

  • SHA256

    3b855a23e994dea8c214afcbb01123d1317ec701166de6b77d8b3f0c1125698e

  • SHA512

    6f1715ec37f2c4a3a98f18ad9ef30a112b80a61e21a28bdd74d4e5bfbc33c168df2df1f8fb65b83ad045fbefb000c6ae9e60a26523f22e58cb408e70d558b9dc

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      3b855a23e994dea8c214afcbb01123d1317ec701166de6b77d8b3f0c1125698e

    • Size

      1.4MB

    • MD5

      d69796752faea68d9010a9671045e0b9

    • SHA1

      1e24007994f3d530bbf2fb05ecd42e9c4b40a63e

    • SHA256

      3b855a23e994dea8c214afcbb01123d1317ec701166de6b77d8b3f0c1125698e

    • SHA512

      6f1715ec37f2c4a3a98f18ad9ef30a112b80a61e21a28bdd74d4e5bfbc33c168df2df1f8fb65b83ad045fbefb000c6ae9e60a26523f22e58cb408e70d558b9dc

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks