dridex | ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a | Triage

Submit
Reports

Overview

overview

Static

static

ceb71d8fc2...9a.dll

windows7_x64

ceb71d8fc2...9a.dll

windows10-2004_x64

8

Sharing

General

Target

ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a
Size

1.4MB
Sample

220417-t3kfhadgd2
MD5

c8b52a369d62de461d4a77da10199825
SHA1

3eb7b593dc01afacb3a569571638dcebba2066f5
SHA256

ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a
SHA512

57c101bf153eedb4a1dd77c6b31751c249bc7a3b90a62335c93c2c90971a3df69c3cd873fdddc7380f0619abcf61f8153333f8faa72ea55c437fb7df3cdc1157

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a.dll

Resource

win7-20220414-en

dridex botnet evasion payload persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a.dll

Resource

win10v2004-20220414-en

evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a
- Size
  
  1.4MB
- MD5
  
  c8b52a369d62de461d4a77da10199825
- SHA1
  
  3eb7b593dc01afacb3a569571638dcebba2066f5
- SHA256
  
  ceb71d8fc2a01961aa32a259d57e3d067ac38477cb38e5dcf4c4f627aead589a
- SHA512
  
  57c101bf153eedb4a1dd77c6b31751c249bc7a3b90a62335c93c2c90971a3df69c3cd873fdddc7380f0619abcf61f8153333f8faa72ea55c437fb7df3cdc1157
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2024

Terms | Privacy