Overview

overview

10

Static

static

3

4b6e05dcf2...5f.dll

windows7-x64

10

4b6e05dcf2...5f.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b6e05dcf2f97e22e23ccee43760bb5f

  • Size

    3.0MB

  • Sample

    240108-pllj1safb2

  • MD5

    4b6e05dcf2f97e22e23ccee43760bb5f

  • SHA1

    b900fb7097b4ec2521e4c51234939efe63c0190e

  • SHA256

    a378e9fbc0661da7e27a88d882f90752f4e2a6a59e15aa910a51a67bc92f6c96

  • SHA512

    f8b195e8a69c41297d4c0c5537cca42a9097442bea07fd6f8796ae90e5e08600747918ba85cf26c91e845cd6ed8d49460cd9145aae675f08ec67e9e840398815

  • SSDEEP

    12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      4b6e05dcf2f97e22e23ccee43760bb5f

    • Size

      3.0MB

    • MD5

      4b6e05dcf2f97e22e23ccee43760bb5f

    • SHA1

      b900fb7097b4ec2521e4c51234939efe63c0190e

    • SHA256

      a378e9fbc0661da7e27a88d882f90752f4e2a6a59e15aa910a51a67bc92f6c96

    • SHA512

      f8b195e8a69c41297d4c0c5537cca42a9097442bea07fd6f8796ae90e5e08600747918ba85cf26c91e845cd6ed8d49460cd9145aae675f08ec67e9e840398815

    • SSDEEP

      12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks