dridex | 075c91511b4358c6e72aaee2e8ea3b67d6f4caee1eb2b4fa92cbf659ea7c8c62

Analysis

max time kernel
3s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48a3c56fe0632fde64f2932afc94f9c0.dll
Size

2.9MB
MD5

48a3c56fe0632fde64f2932afc94f9c0
SHA1

22089d27037da60a74d2ba6d009e62e2800cd72a
SHA256

075c91511b4358c6e72aaee2e8ea3b67d6f4caee1eb2b4fa92cbf659ea7c8c62
SHA512

226ddcff05c1ea8249dfe3217e2d0e9101b2a45b5288175092926c5b34bd18f540970bcf6ae0970d8aa34673ab9a09033c3adc7b649f160dd07314fb4a56ad72
SSDEEP

12288:xVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:AfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral1/memory/1380-5-0x0000000002EA0000-0x0000000002EA1000-memory.dmp	dridex_stager_shellcode

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2548	rundll32.exe
2548	rundll32.exe
2548	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48a3c56fe0632fde64f2932afc94f9c0.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2548

C:\Windows\system32\psr.exe
C:\Windows\system32\psr.exe
1⤵
PID:2300

C:\Users\Admin\AppData\Local\gl6pZ3Q6\psr.exe
C:\Users\Admin\AppData\Local\gl6pZ3Q6\psr.exe
1⤵
PID:1844

C:\Windows\system32\wscript.exe
C:\Windows\system32\wscript.exe
1⤵
PID:2740

C:\Users\Admin\AppData\Local\NXuuQ4MB\wscript.exe
C:\Users\Admin\AppData\Local\NXuuQ4MB\wscript.exe
1⤵
PID:1536

C:\Windows\system32\rdpclip.exe
C:\Windows\system32\rdpclip.exe
1⤵
PID:1192

C:\Users\Admin\AppData\Local\BoGPae\rdpclip.exe
C:\Users\Admin\AppData\Local\BoGPae\rdpclip.exe
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1380-39-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-32-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-17-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-28-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-36-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-45-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-4-0x00000000774F6000-0x00000000774F7000-memory.dmp

Filesize
4KB

Download
memory/1380-63-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-65-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-37-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-69-0x0000000002E00000-0x0000000002E07000-memory.dmp

Filesize
28KB

Download
memory/1380-62-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-78-0x0000000077760000-0x0000000077762000-memory.dmp

Filesize
8KB

Download
memory/1380-77-0x0000000077601000-0x0000000077602000-memory.dmp

Filesize
4KB

Download
memory/1380-60-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-61-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-59-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-58-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-57-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-56-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-54-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-53-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-52-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-51-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-50-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-49-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-48-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-47-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-46-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-44-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-43-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-42-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-41-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-40-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-55-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-10-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-64-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-35-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-34-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-33-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-38-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-31-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-30-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-29-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-27-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-26-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-25-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-24-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-23-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-22-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-21-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-20-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-19-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-18-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-16-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-15-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-14-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-13-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-12-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-11-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-9-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1380-187-0x00000000774F6000-0x00000000774F7000-memory.dmp

Filesize
4KB

Download
memory/1380-5-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/1380-7-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/1440-156-0x0000000000190000-0x0000000000197000-memory.dmp

Filesize
28KB

Download
memory/1536-132-0x0000000000490000-0x0000000000497000-memory.dmp

Filesize
28KB

Download
memory/1844-105-0x0000000000510000-0x0000000000517000-memory.dmp

Filesize
28KB

Download
memory/2548-1-0x0000000000430000-0x0000000000437000-memory.dmp

Filesize
28KB

Download
memory/2548-0-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download
memory/2548-8-0x0000000140000000-0x00000001402E0000-memory.dmp

Filesize
2.9MB

Download