Overview

overview

10

Static

static

3

0d20166db5...bb.dll

windows7-x64

10

0d20166db5...bb.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0d20166db5e8ca60f69590194a57f9bb

  • Size

    668KB

  • Sample

    231230-d5ed9sffb5

  • MD5

    0d20166db5e8ca60f69590194a57f9bb

  • SHA1

    4ca035763d55c3f04d1c23c66ce14eb28b4b42d1

  • SHA256

    3a64b40ea958fda7e9390275345e90aefe7f3cfe9712088e962caf1104fefe2e

  • SHA512

    4ebc891ccb3c75ee7a1d1d5000c89128dabf676907d6e8c42118805258e77e310a9d0e74557243a3f28bdeb27f96e2741e76c143e54d45eb9e2c9e5b5e95e6d2

  • SSDEEP

    6144:r34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:rIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      0d20166db5e8ca60f69590194a57f9bb

    • Size

      668KB

    • MD5

      0d20166db5e8ca60f69590194a57f9bb

    • SHA1

      4ca035763d55c3f04d1c23c66ce14eb28b4b42d1

    • SHA256

      3a64b40ea958fda7e9390275345e90aefe7f3cfe9712088e962caf1104fefe2e

    • SHA512

      4ebc891ccb3c75ee7a1d1d5000c89128dabf676907d6e8c42118805258e77e310a9d0e74557243a3f28bdeb27f96e2741e76c143e54d45eb9e2c9e5b5e95e6d2

    • SSDEEP

      6144:r34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:rIKp/UWCZdCDh2IZDwAFRpR6Au

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks