dridex | 10ecb5242bcd516a33c3fcbfd6f7c9b6237e4e9786e0e0c3923475621eb1e833 | Triage

Sharing

General

Target

10ecb5242bcd516a33c3fcbfd6f7c9b6237e4e9786e0e0c3923475621eb1e833
Size

884KB
Sample

220419-epgecsefa2
MD5

8127fafd69a7f4a1d9822e0a12d378a4
SHA1

a29bf5dd2b66d78e5561c9a994617b1c1ea38103
SHA256

10ecb5242bcd516a33c3fcbfd6f7c9b6237e4e9786e0e0c3923475621eb1e833
SHA512

5791c73c9f367e52d541bd05b58e4c930603173f3813724e29fcd26d0a94a2feb8749cc519c25cc43d0ee91b6ebe3d30f19ebb84e4289b35a132af912173c8a3

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  10ecb5242bcd516a33c3fcbfd6f7c9b6237e4e9786e0e0c3923475621eb1e833
- Size
  
  884KB
- MD5
  
  8127fafd69a7f4a1d9822e0a12d378a4
- SHA1
  
  a29bf5dd2b66d78e5561c9a994617b1c1ea38103
- SHA256
  
  10ecb5242bcd516a33c3fcbfd6f7c9b6237e4e9786e0e0c3923475621eb1e833
- SHA512
  
  5791c73c9f367e52d541bd05b58e4c930603173f3813724e29fcd26d0a94a2feb8749cc519c25cc43d0ee91b6ebe3d30f19ebb84e4289b35a132af912173c8a3
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

evasionpersistencetrojan