dridex | bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023 | Triage

Submit
Reports

Overview

overview

Static

static

bf8c9af775...23.dll

windows7_x64

8

bf8c9af775...23.dll

windows10-2004_x64

Sharing

General

Target

bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023
Size

1.3MB
Sample

220419-ev9yvsbefn
MD5

872285aa166d50053d31b95d2a606b06
SHA1

bc1146ea0a5a91e007e2c2a3a94530bdb5d655e8
SHA256

bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023
SHA512

8d347c166e06a791b452fb6c542509977cf09a0202e09ea94adab4f63a8d43c78ca52533b923499e94a264caad363a2f8d9c741f4cbb47640702c0761a8fa6eb

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023.dll

Resource

win7-20220414-en

evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023.dll

Resource

win10v2004-20220414-en

dridex botnet evasion payload persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023
- Size
  
  1.3MB
- MD5
  
  872285aa166d50053d31b95d2a606b06
- SHA1
  
  bc1146ea0a5a91e007e2c2a3a94530bdb5d655e8
- SHA256
  
  bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023
- SHA512
  
  8d347c166e06a791b452fb6c542509977cf09a0202e09ea94adab4f63a8d43c78ca52533b923499e94a264caad363a2f8d9c741f4cbb47640702c0761a8fa6eb
Score

10^/10

evasion persistence trojan dridex botnet payload
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy