Description
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
a25acf9e95fa653dde6830bbe1dc4406804347b9d3f9a037f53f0a8e79296fe2
General
Target
Size
Sample
a25acf9e95fa653dde6830bbe1dc4406804347b9d3f9a037f53f0a8e79296fe2
1MB
211126-lhpkqabehr
Score
10 /10
MD5
SHA1
SHA256
SHA512
92d2b982db190dd73a46815f69730460
fa22116b54799ed06e28dca5a813c4ac29f24184
a25acf9e95fa653dde6830bbe1dc4406804347b9d3f9a037f53f0a8e79296fe2
f8abc9da38f5f04d91e7f7c00ff8464914737f19a892374f960f511dd36c15ba2c901e53e2a4e4f5047d89f15af7f6d3fbb4e790e2147ca2a828ef3b3d32d122
Malware Config
Targets
Target
MD5
Filesize
a25acf9e95fa653dde6830bbe1dc4406804347b9d3f9a037f53f0a8e79296fe2
92d2b982db190dd73a46815f69730460
1MB
Score
10/10
SHA1
SHA256
SHA512
fa22116b54799ed06e28dca5a813c4ac29f24184
a25acf9e95fa653dde6830bbe1dc4406804347b9d3f9a037f53f0a8e79296fe2
f8abc9da38f5f04d91e7f7c00ff8464914737f19a892374f960f511dd36c15ba2c901e53e2a4e4f5047d89f15af7f6d3fbb4e790e2147ca2a828ef3b3d32d122
Tags
Signatures
-
Dridex
-
Dridex Shellcode
Description
Detects Dridex Payload shellcode injected in Explorer process.
Tags
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks