Overview

overview

10

Static

static

3

c33cf44a76...85.dll

windows7-x64

10

c33cf44a76...85.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c33cf44a76c6fa3b396596f647d36b85

  • Size

    3.5MB

  • Sample

    231222-rtg8nsafck

  • MD5

    c33cf44a76c6fa3b396596f647d36b85

  • SHA1

    e4977fb38edcc8e67fdbee05616d75c43b1ab864

  • SHA256

    e1ca91ed0d33d2c332212b0318a5babd07a6a694e5886a6e30987dab28d05de6

  • SHA512

    549a2669264d4e8b05cad9f05d06bad9e1baed0c37558dbea34802a95705f0e75a31edd839000835b8af2ebba4f943a83075f600b33198cad449481a1622ab21

  • SSDEEP

    12288:CVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ffP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      c33cf44a76c6fa3b396596f647d36b85

    • Size

      3.5MB

    • MD5

      c33cf44a76c6fa3b396596f647d36b85

    • SHA1

      e4977fb38edcc8e67fdbee05616d75c43b1ab864

    • SHA256

      e1ca91ed0d33d2c332212b0318a5babd07a6a694e5886a6e30987dab28d05de6

    • SHA512

      549a2669264d4e8b05cad9f05d06bad9e1baed0c37558dbea34802a95705f0e75a31edd839000835b8af2ebba4f943a83075f600b33198cad449481a1622ab21

    • SSDEEP

      12288:CVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ffP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks