Overview

overview

10

Static

static

a9fe4467c4...50.dll

windows7_x64

10

a9fe4467c4...50.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9fe4467c4cf96221cd9951c4fef7e92cb0ddb77e01dab1e7ef8b8ef7947d250

  • Size

    1019KB

  • Sample

    220417-t3mkvsaheq

  • MD5

    1a501286e9f32f254eaa77fda8dcea2d

  • SHA1

    f35d647538278de37e05607c3f2fdfb3e0cde0e5

  • SHA256

    a9fe4467c4cf96221cd9951c4fef7e92cb0ddb77e01dab1e7ef8b8ef7947d250

  • SHA512

    90cf001fc3a3290c62b43268925a41a35c0e6593a8baa08a1594e67ff00253d4e647a0dacd50e438c1d979b21cf5cb4161ece80850e213e3a1ef98f5d571cdc6

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      a9fe4467c4cf96221cd9951c4fef7e92cb0ddb77e01dab1e7ef8b8ef7947d250

    • Size

      1019KB

    • MD5

      1a501286e9f32f254eaa77fda8dcea2d

    • SHA1

      f35d647538278de37e05607c3f2fdfb3e0cde0e5

    • SHA256

      a9fe4467c4cf96221cd9951c4fef7e92cb0ddb77e01dab1e7ef8b8ef7947d250

    • SHA512

      90cf001fc3a3290c62b43268925a41a35c0e6593a8baa08a1594e67ff00253d4e647a0dacd50e438c1d979b21cf5cb4161ece80850e213e3a1ef98f5d571cdc6

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks