dridex | 574f1ff94f0541c9f61e481da5571b871f08cc353dfd3e7ac3f26db7c48092bd

Analysis

max time kernel
3s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

23f9722883a35d597e3c81e25467946e.dll
Size

1.8MB
MD5

23f9722883a35d597e3c81e25467946e
SHA1

cb4c7efa90cae0fbc9c09006309070b9009cbe21
SHA256

574f1ff94f0541c9f61e481da5571b871f08cc353dfd3e7ac3f26db7c48092bd
SHA512

4e024d71ce8fc26a76b26ddbdc92a2476bede0cd4c65eab92c7f0ac597246e2a32432d8e67d53729434dd2cffdc6aa0b40c2f5ff634e21333c7f2b8043e2a7d6
SSDEEP

12288:cVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:pfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral2/memory/3436-4-0x0000000002D80000-0x0000000002D81000-memory.dmp	dridex_stager_shellcode

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4696	rundll32.exe
4696	rundll32.exe
4696	rundll32.exe
4696	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23f9722883a35d597e3c81e25467946e.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:4696

C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
1⤵
PID:3812

C:\Users\Admin\AppData\Local\8cUn95O9O\SystemPropertiesDataExecutionPrevention.exe
C:\Users\Admin\AppData\Local\8cUn95O9O\SystemPropertiesDataExecutionPrevention.exe
1⤵
PID:2344

C:\Windows\system32\BdeUISrv.exe
C:\Windows\system32\BdeUISrv.exe
1⤵
PID:4320

C:\Users\Admin\AppData\Local\jXHH\BdeUISrv.exe
C:\Users\Admin\AppData\Local\jXHH\BdeUISrv.exe
1⤵
PID:2792

C:\Users\Admin\AppData\Local\2Ex9d5\wlrmdr.exe
C:\Users\Admin\AppData\Local\2Ex9d5\wlrmdr.exe
1⤵
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\2Ex9d5\DUI70.dll

Filesize
2.1MB

MD5
5778498d28bdd0992e7f14021f31f431

SHA1
2e6aa54a115f9bc52337f85db5257c4ff8175969

SHA256
087775601141028da6c411938419ab2213b35138ce5e3aca66b3601386b8ae07

SHA512
4cd5bc909b3fadeb14be3dbca3c939a63f76e3fd4a40368b943c89e708f858537d3b9f3314edc70a38ba24869bb270548ee8fd3beb3d8f817c972bde4bc5d4bf

Download Submit
C:\Users\Admin\AppData\Local\2Ex9d5\wlrmdr.exe

Filesize
66KB

MD5
ef9bba7a637a11b224a90bf90a8943ac

SHA1
4747ec6efd2d41e049159249c2d888189bb33d1d

SHA256
2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1

SHA512
4c1fdb8e4bf25546a2a33c95268593746f5ae2666ce36c6d9ba5833357f13720c4722231224e82308af8c156485a2c86ffd97e3093717a28d1300d3787ef1831

Download Submit
C:\Users\Admin\AppData\Local\8cUn95O9O\SYSDM.CPL

Filesize
1.8MB

MD5
9e808ed225d34e28d10df34ec73d7b0e

SHA1
12c05a360e40475b5ff611795129a4d5ba1096d4

SHA256
cc115559b99e76c3d6a2428b314c176b7dfdba1a2bc1d98a054bbdb59f1407e5

SHA512
edd72bd01efda4d0dc79c365d2051f126f48225948086767df7fba4f01a5ab8f62d9eb797c4c164f4d81dde466da8b135c8a0feb147df4ee5fe977183114e8d1

Download Submit
C:\Users\Admin\AppData\Local\8cUn95O9O\SystemPropertiesDataExecutionPrevention.exe

Filesize
82KB

MD5
de58532954c2704f2b2309ffc320651d

SHA1
0a9fc98f4d47dccb0b231edf9a63309314f68e3b

SHA256
1f810658969560f6e7d7a14f71d1196382e53b984ca190fa9b178ac4a32acfb3

SHA512
d4d57cc30d9079f4e9193ba42631e8e53d86b22e9c655d7a8c25e5be0e5e1d6dfff4714ddc23e3e392809d623b4f8d43c63893f74c325fc77459ac03c7a451ed

Download Submit
C:\Users\Admin\AppData\Local\jXHH\BdeUISrv.exe

Filesize
54KB

MD5
8595075667ff2c9a9f9e2eebc62d8f53

SHA1
c48b54e571f05d4e21d015bb3926c2129f19191a

SHA256
20b05c77f898be08737082e969b39f54fa39753c8c0a06142eb7ad5e0764a2db

SHA512
080dbcdd9234c07efe6cea4919ffa305fdc381ccebed9d1020dd6551b54e20e52387e62a344502fa4a85249defd0f9b506528b8dd34675bc9f51f664b8fc4d88

Download Submit
C:\Users\Admin\AppData\Local\jXHH\WTSAPI32.dll

Filesize
1.8MB

MD5
63f58594c3fc344df441728f8954142b

SHA1
5392b49d41c2feb6cc7146b6375602872e2c3754

SHA256
ae051b68bf8b35c23e0e009e30b7d4bd374964434a8aa694eb517ca917462aeb

SHA512
bea2b9db9280c155008be31643daba115e5d5580e5a5c34fc18c267b30602040fb198d29a0c04cf0edb33d168bcbb67f09c44b24c5baa1f7ec312767b0798940

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wdush.lnk

Filesize
1KB

MD5
a7b703ce61296ecad7855ba80484317a

SHA1
8ed17a4c94b0f4812d50b2273c602bed42dfd71b

SHA256
75cde7b27755679086aaa4bfb5e08833da5ce90d82aee92d145e1eced70addac

SHA512
ec2130dc0e193141bd9b0a7fb97816cc2c5b192aa2ffd0dc74933de4142197187bcb32f6715f1e391078f28eb96e24025c3458f3f60a3f4033deb3a3c50e7563

Download Submit
memory/1864-113-0x0000013365AF0000-0x0000013365AF7000-memory.dmp

Filesize
28KB

Download
memory/2344-77-0x0000000140000000-0x00000001401CA000-memory.dmp

Filesize
1.8MB

Download
memory/2344-78-0x00000172A5F00000-0x00000172A5F07000-memory.dmp

Filesize
28KB

Download
memory/2344-83-0x0000000140000000-0x00000001401CA000-memory.dmp

Filesize
1.8MB

Download
memory/2792-96-0x0000014045B20000-0x0000014045B27000-memory.dmp

Filesize
28KB

Download
memory/3436-35-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-28-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-48-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-50-0x0000000000F60000-0x0000000000F67000-memory.dmp

Filesize
28KB

Download
memory/3436-46-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-56-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-45-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-57-0x00007FFE990E0000-0x00007FFE990F0000-memory.dmp

Filesize
64KB

Download
memory/3436-44-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-68-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-66-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-43-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-41-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-42-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-40-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-39-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-37-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-36-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-38-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-32-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-33-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-29-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-34-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-31-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-30-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-47-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-27-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-25-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-21-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-17-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-26-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-24-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-23-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-22-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-20-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-19-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-18-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-16-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-15-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-14-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-13-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-12-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-10-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-9-0x00007FFE98C3A000-0x00007FFE98C3B000-memory.dmp

Filesize
4KB

Download
memory/3436-8-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-11-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/3436-4-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/3436-6-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/4696-7-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download
memory/4696-2-0x0000020EEBEA0000-0x0000020EEBEA7000-memory.dmp

Filesize
28KB

Download
memory/4696-0-0x0000000140000000-0x00000001401C9000-memory.dmp

Filesize
1.8MB

Download