b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

Target

Size

1MB

Sample

211126-lhpkqaegh7

Score

10 ^/10

MD5

12a2429bc9990f1631ce12341895db8c

SHA1

0ee8f6d9b2ce34403e841a39a5f92c6d8138dc42

SHA256

b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

SHA512

cd85e51fe53befd08ce8707d354ba2a1e519dc5444cc81dd625342af64de9f93de947dcb845c652ad13012c22e056851d2c11eb236086607560e16b829f0a8df

Target

b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

MD5

12a2429bc9990f1631ce12341895db8c

Filesize

1MB

Score

10^/10

SHA1

0ee8f6d9b2ce34403e841a39a5f92c6d8138dc42

SHA256

b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

SHA512

cd85e51fe53befd08ce8707d354ba2a1e519dc5444cc81dd625342af64de9f93de947dcb845c652ad13012c22e056851d2c11eb236086607560e16b829f0a8df

Signatures

Dridex
Description

Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
Tags

botnet dridex
Dridex Shellcode
Description

Detects Dridex Payload shellcode injected in Explorer process.
Tags

botnet payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Checks whether UAC is enabled
Tags

evasion trojan

TTPs

System Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

dridex botnet evasion payload persistence trojan

10^/10

behavioral2

dridex botnet evasion payload persistence trojan

10^/10

Tags

Signatures

Dridex

Description

Tags

Dridex Shellcode

Description

Tags

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2