Overview

overview

10

Static

static

3

075813b296...55.dll

windows7-x64

10

075813b296...55.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    075813b2962b66e10083e3c157e0b3dd19623ae64220f7959ebce926b2fe8b55

  • Size

    1.0MB

  • Sample

    231116-bb7gvaga21

  • MD5

    6dd2f7275313e6d91f71450c4bfdbfc9

  • SHA1

    c108aff0b868dd2c9865d60c37dcc5e119bf28d4

  • SHA256

    075813b2962b66e10083e3c157e0b3dd19623ae64220f7959ebce926b2fe8b55

  • SHA512

    dfc79b155955601ed120c0e824c9af91f51d9430b0e8fcffa46929ef315c48aab14fc1e7a63ff539efa47c280bc559a2f7880bd9a370201bad0a8d431a79d65a

  • SSDEEP

    12288:GtCtvNv+h26xiWZu8xDPtgPuSYAuXIPY2wKg7oGviTVp7OC0aO:GtChNv+ceiWjDVgyAurCg7osJ1

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      075813b2962b66e10083e3c157e0b3dd19623ae64220f7959ebce926b2fe8b55

    • Size

      1.0MB

    • MD5

      6dd2f7275313e6d91f71450c4bfdbfc9

    • SHA1

      c108aff0b868dd2c9865d60c37dcc5e119bf28d4

    • SHA256

      075813b2962b66e10083e3c157e0b3dd19623ae64220f7959ebce926b2fe8b55

    • SHA512

      dfc79b155955601ed120c0e824c9af91f51d9430b0e8fcffa46929ef315c48aab14fc1e7a63ff539efa47c280bc559a2f7880bd9a370201bad0a8d431a79d65a

    • SSDEEP

      12288:GtCtvNv+h26xiWZu8xDPtgPuSYAuXIPY2wKg7oGviTVp7OC0aO:GtChNv+ceiWjDVgyAurCg7osJ1

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks