dridex | d7de92fab29dd63724f0ecac51deaa9b343500a61f164029de7d1c8e19457914 | Triage

Submit
Reports

Overview

overview

Static

static

3

7ab57693db...4e.dll

windows7-x64

7ab57693db...4e.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7ab57693dbdaf787706d0da8c151df4e
Size

2.9MB
Sample

240127-ttsqhshdej
MD5

7ab57693dbdaf787706d0da8c151df4e
SHA1

5b10dab0b2ce302bfb48a8e2f039479231102c48
SHA256

d7de92fab29dd63724f0ecac51deaa9b343500a61f164029de7d1c8e19457914
SHA512

8b5995d735812a3707faee91854a183c52de45145024eb6064d181185b188adafd21b2b574c1b7f80c8da8424792b8cd26e625900a6514d3f31e5dfccf122bca
SSDEEP

12288:rVI0W/Ttl/LPJCm3WIYxJ9yK5oQNPElOlidGgmilgm5Qq0nB6wtt4AenZ1:qf/LfWsK5TNA+WGgm+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7ab57693dbdaf787706d0da8c151df4e.dll

Resource

win7-20231215-en

dridex botnet evasion payload trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

7ab57693dbdaf787706d0da8c151df4e.dll

Resource

win10v2004-20231215-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7ab57693dbdaf787706d0da8c151df4e
- Size
  
  2.9MB
- MD5
  
  7ab57693dbdaf787706d0da8c151df4e
- SHA1
  
  5b10dab0b2ce302bfb48a8e2f039479231102c48
- SHA256
  
  d7de92fab29dd63724f0ecac51deaa9b343500a61f164029de7d1c8e19457914
- SHA512
  
  8b5995d735812a3707faee91854a183c52de45145024eb6064d181185b188adafd21b2b574c1b7f80c8da8424792b8cd26e625900a6514d3f31e5dfccf122bca
- SSDEEP
  
  12288:rVI0W/Ttl/LPJCm3WIYxJ9yK5oQNPElOlidGgmilgm5Qq0nB6wtt4AenZ1:qf/LfWsK5TNA+WGgm+V5SB6Ct4bnb
Score

10^/10

dridex botnet evasion payload trojan persistence
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadtrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2025

Terms | Privacy