Overview

overview

10

Static

static

35de1c7ca7...71.dll

windows7_x64

8

35de1c7ca7...71.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35de1c7ca742f0f5e25b9ffcf632bac7e50bd68d11b31cf1fcf66c6065265f71

  • Size

    1000KB

  • Sample

    220417-t3aw3aahdr

  • MD5

    a1802c11c7ddd2eada359d6de66a3f92

  • SHA1

    232773f600292d53111d1bfb13117553da7c497e

  • SHA256

    35de1c7ca742f0f5e25b9ffcf632bac7e50bd68d11b31cf1fcf66c6065265f71

  • SHA512

    48b1a0176e19d4c281856605cdd446893bfc378d78152e92c69ab390e465485b65dda5d19ed7c5e284600854c6208f71f5dd42c10c8799048025164989db630d

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      35de1c7ca742f0f5e25b9ffcf632bac7e50bd68d11b31cf1fcf66c6065265f71

    • Size

      1000KB

    • MD5

      a1802c11c7ddd2eada359d6de66a3f92

    • SHA1

      232773f600292d53111d1bfb13117553da7c497e

    • SHA256

      35de1c7ca742f0f5e25b9ffcf632bac7e50bd68d11b31cf1fcf66c6065265f71

    • SHA512

      48b1a0176e19d4c281856605cdd446893bfc378d78152e92c69ab390e465485b65dda5d19ed7c5e284600854c6208f71f5dd42c10c8799048025164989db630d

    Score
    10/10
    evasionpersistencetrojandridexbotnetpayload

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks