dridex | aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885 | Triage

Submit
Reports

Overview

overview

Static

static

aec8613c0e...85.dll

windows7_x64

aec8613c0e...85.dll

windows10-2004_x64

Sharing

General

Target

aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885
Size

971KB
Sample

220419-exa8babfen
MD5

c03417963d95f7ad49c7c1c9eccf2144
SHA1

9aaa9b9670a98f46de58c58446f2a46991c66613
SHA256

aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885
SHA512

6a36006cb10afd58a8cef63df1090fd2e9750c9dfe16cd18d09e9c449ac84a7d08d27fa4a2c522e59ae030b46f9a106c2af233ccaee130e257ec20ee27fe311e

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885.dll

Resource

win7-20220414-en

dridex botnet evasion payload persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885.dll

Resource

win10v2004-20220414-en

dridex botnet evasion payload persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885
- Size
  
  971KB
- MD5
  
  c03417963d95f7ad49c7c1c9eccf2144
- SHA1
  
  9aaa9b9670a98f46de58c58446f2a46991c66613
- SHA256
  
  aec8613c0ea9491913a67bf9b9fd7737c8e0bac6153062750491fd45744ac885
- SHA512
  
  6a36006cb10afd58a8cef63df1090fd2e9750c9dfe16cd18d09e9c449ac84a7d08d27fa4a2c522e59ae030b46f9a106c2af233ccaee130e257ec20ee27fe311e
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy