Overview

overview

10

Static

static

3

ddadbb447c...7f.dll

windows7-x64

10

ddadbb447c...7f.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ddadbb447c8bbc6bd1f01dcd9fac9c7f

  • Size

    1.8MB

  • Sample

    231222-s46vfsaeel

  • MD5

    ddadbb447c8bbc6bd1f01dcd9fac9c7f

  • SHA1

    1810fafd1df89d647909982e3de0482ed1e90fc2

  • SHA256

    fb89ca087d55f71eddc5ca73f6ba721ea96fc61e9cc1b0f8945efb8e4ac9e2ad

  • SHA512

    dd85c723f9629144f144fc4d93c52c7af407ed135c893ba3efa742d2fbb87b8131937e36ebb03df53c84f2cd3b4c071dd6dd2a0f47ce220410a06160c82af12b

  • SSDEEP

    12288:FVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:cfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      ddadbb447c8bbc6bd1f01dcd9fac9c7f

    • Size

      1.8MB

    • MD5

      ddadbb447c8bbc6bd1f01dcd9fac9c7f

    • SHA1

      1810fafd1df89d647909982e3de0482ed1e90fc2

    • SHA256

      fb89ca087d55f71eddc5ca73f6ba721ea96fc61e9cc1b0f8945efb8e4ac9e2ad

    • SHA512

      dd85c723f9629144f144fc4d93c52c7af407ed135c893ba3efa742d2fbb87b8131937e36ebb03df53c84f2cd3b4c071dd6dd2a0f47ce220410a06160c82af12b

    • SSDEEP

      12288:FVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:cfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks