dridex | d1edb8387c2570a8d1979c748d466d5016454f7aaf4141895be6f6bdbf499bc7 | Triage

Sharing

General

Target

698d381098a0d8b9924e1e102051a85a
Size

3.2MB
Sample

231222-fh6aksfbdj
MD5

698d381098a0d8b9924e1e102051a85a
SHA1

2b74c2746df95710eaa40d3ba20ed754772228bb
SHA256

d1edb8387c2570a8d1979c748d466d5016454f7aaf4141895be6f6bdbf499bc7
SHA512

3d5173b9231e3f447a7eab5d326030cab4af2e81114e2ff7b026c333a88e0f708a21ad506a89b34856ee5f411485c215206d8e5524aef789998ef8b3fb63a751
SSDEEP

12288:xVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:AfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  698d381098a0d8b9924e1e102051a85a
- Size
  
  3.2MB
- MD5
  
  698d381098a0d8b9924e1e102051a85a
- SHA1
  
  2b74c2746df95710eaa40d3ba20ed754772228bb
- SHA256
  
  d1edb8387c2570a8d1979c748d466d5016454f7aaf4141895be6f6bdbf499bc7
- SHA512
  
  3d5173b9231e3f447a7eab5d326030cab4af2e81114e2ff7b026c333a88e0f708a21ad506a89b34856ee5f411485c215206d8e5524aef789998ef8b3fb63a751
- SSDEEP
  
  12288:xVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:AfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Score

10^/10

dridex botnet evasion payload trojan persistence
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadtrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan