dridex | 13aa6bed5b3a656b9c86cc2d397f765779f4a7dff49f73d58bd97e11423e0635 | Triage

Submit
Reports

Overview

overview

Static

static

dry.dll

windows7_x64

Resubmissions

20-02-2022 07:31

220220-jcw2haaba2 10

20-02-2022 07:19

220220-h5jffabafp 10

Sharing

General

Target

dry.dll
Size

1.3MB
Sample

220220-jcw2haaba2
MD5

4bec705de3584b911018c84f31659a17
SHA1

b29ff37578ef950b702ec5db59161294c2e1a7b3
SHA256

13aa6bed5b3a656b9c86cc2d397f765779f4a7dff49f73d58bd97e11423e0635
SHA512

5841f5d288fa4496391fa008326d15ac9abc644c07bf970b20fd1ed2719d5ce01c457d84d17fc8025ff801d7aaec371ee2b6504cabab853d02fb6c1ad49ec423

Score

10^/10

dridex botnet discovery evasion payload persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

dry.dll

Resource

win7-en-20211208

dridex botnet discovery evasion payload persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dry.dll
- Size
  
  1.3MB
- MD5
  
  4bec705de3584b911018c84f31659a17
- SHA1
  
  b29ff37578ef950b702ec5db59161294c2e1a7b3
- SHA256
  
  13aa6bed5b3a656b9c86cc2d397f765779f4a7dff49f73d58bd97e11423e0635
- SHA512
  
  5841f5d288fa4496391fa008326d15ac9abc644c07bf970b20fd1ed2719d5ce01c457d84d17fc8025ff801d7aaec371ee2b6504cabab853d02fb6c1ad49ec423
Score

10^/10

dridex botnet discovery evasion payload persistence spyware stealer trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetdiscoveryevasionpayloadpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy