Overview

overview

10

Static

static

ab8f6d6491...89.dll

windows7_x64

10

ab8f6d6491...89.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89

  • Size

    1.4MB

  • Sample

    220323-jzgkbsaae4

  • MD5

    2a52d4cc48659ad06386e6f1ddb17613

  • SHA1

    fb551a1f927e6b86fb2e8281d4f09a753e5a7f5b

  • SHA256

    ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89

  • SHA512

    c37af474e1defdc504f979dcdd11413ee2337baa6ebe49156e02999415cf8f3d5d69e6c3da8f8dd7ba58fec6e337ffdee4414c26e2ea79ad9ee1aa6d2381eec1

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89

    • Size

      1.4MB

    • MD5

      2a52d4cc48659ad06386e6f1ddb17613

    • SHA1

      fb551a1f927e6b86fb2e8281d4f09a753e5a7f5b

    • SHA256

      ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89

    • SHA512

      c37af474e1defdc504f979dcdd11413ee2337baa6ebe49156e02999415cf8f3d5d69e6c3da8f8dd7ba58fec6e337ffdee4414c26e2ea79ad9ee1aa6d2381eec1

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks