dridex | f7ecbb2280d3798f34c6d54d342aaa1ee2be6fb909570643712fb9285456517e | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.1f0b3...JC.dll

windows7-x64

NEAS.1f0b3...JC.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1f0b38d9dc62745336ed59f23ef9d930_JC.exe
Size

3.7MB
Sample

231021-yarrbshd8x
MD5

1f0b38d9dc62745336ed59f23ef9d930
SHA1

ca7103f7e63dc73d6539dc31a6f1f897ffee4411
SHA256

f7ecbb2280d3798f34c6d54d342aaa1ee2be6fb909570643712fb9285456517e
SHA512

9d383d343322f11f70a4255f2062dffcc77ea2af2ea31575941dcbf7dd7886bd938c1111385028098e1184568919986714cd57722da442397cc64924636d93e0
SSDEEP

24576:P8uea4w467D5/0ypyFYELW8xFZmMXJZA:FXyFYELpT

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.1f0b38d9dc62745336ed59f23ef9d930_JC.dll

Resource

win7-20230831-en

dridex botnet evasion payload persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.1f0b38d9dc62745336ed59f23ef9d930_JC.dll

Resource

win10v2004-20230915-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.1f0b38d9dc62745336ed59f23ef9d930_JC.exe
- Size
  
  3.7MB
- MD5
  
  1f0b38d9dc62745336ed59f23ef9d930
- SHA1
  
  ca7103f7e63dc73d6539dc31a6f1f897ffee4411
- SHA256
  
  f7ecbb2280d3798f34c6d54d342aaa1ee2be6fb909570643712fb9285456517e
- SHA512
  
  9d383d343322f11f70a4255f2062dffcc77ea2af2ea31575941dcbf7dd7886bd938c1111385028098e1184568919986714cd57722da442397cc64924636d93e0
- SSDEEP
  
  24576:P8uea4w467D5/0ypyFYELW8xFZmMXJZA:FXyFYELpT
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Dridex payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2025

Terms | Privacy