dridex | ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440 | Triage

Submit
Reports

Overview

overview

Static

static

ea76ebecb8...40.dll

windows7_x64

ea76ebecb8...40.dll

windows10-2004_x64

Sharing

General

Target

ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440
Size

622KB
Sample

220417-t3e6saahel
MD5

a70f5490f5e1b1e59dc712664988cd2b
SHA1

66a09623bf9466c15487ca11011675ffe28f238f
SHA256

ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440
SHA512

d31b4d9c7924f330258448b4dec51f41464f935d208fc7c90105eb47fc5a9ff15dec0fd0874742be6b26abc0972140066bdacb7c37bb0038f52e98cdd01afefd

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440.dll

Resource

win7-20220414-en

dridex botnet evasion payload persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440.dll

Resource

win10v2004-20220414-en

dridex botnet evasion payload persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440
- Size
  
  622KB
- MD5
  
  a70f5490f5e1b1e59dc712664988cd2b
- SHA1
  
  66a09623bf9466c15487ca11011675ffe28f238f
- SHA256
  
  ea76ebecb809e4b915523658ddd2263dd0d3b0ed946d2d32c4459a818c182440
- SHA512
  
  d31b4d9c7924f330258448b4dec51f41464f935d208fc7c90105eb47fc5a9ff15dec0fd0874742be6b26abc0972140066bdacb7c37bb0038f52e98cdd01afefd
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy