Description
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
64eadd3a1fe874e2299e3f3321a478a3bc1c2e530ae28fefc4927d1c7771bb92
General
Target
Size
Sample
64eadd3a1fe874e2299e3f3321a478a3bc1c2e530ae28fefc4927d1c7771bb92
1MB
211126-lfxtbabefj
Score
10 /10
MD5
SHA1
SHA256
SHA512
e57e81a28fe78e44bb3ff92b0aa211b0
087ff74a9232abeabe0bdfd835690820fa990718
64eadd3a1fe874e2299e3f3321a478a3bc1c2e530ae28fefc4927d1c7771bb92
fb6451f71a29ba074c500cc9328503ab33d38f55536e50c3abcf0a78b8917520d0530c132c20c15f02083469504f73fb3416d6a3068fc32ba9ee5c0ed8ea5688
Malware Config
Targets
Target
MD5
Filesize
64eadd3a1fe874e2299e3f3321a478a3bc1c2e530ae28fefc4927d1c7771bb92
e57e81a28fe78e44bb3ff92b0aa211b0
1MB
Score
10/10
SHA1
SHA256
SHA512
087ff74a9232abeabe0bdfd835690820fa990718
64eadd3a1fe874e2299e3f3321a478a3bc1c2e530ae28fefc4927d1c7771bb92
fb6451f71a29ba074c500cc9328503ab33d38f55536e50c3abcf0a78b8917520d0530c132c20c15f02083469504f73fb3416d6a3068fc32ba9ee5c0ed8ea5688
Tags
Signatures
-
Dridex
-
Dridex Shellcode
Description
Detects Dridex Payload shellcode injected in Explorer process.
Tags
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks