Overview

overview

10

Static

static

3

97013513ee...c0.dll

windows7-x64

10

97013513ee...c0.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97013513eec319a4402a818111b261c0

  • Size

    1.8MB

  • Sample

    240212-m661cadd59

  • MD5

    97013513eec319a4402a818111b261c0

  • SHA1

    fd02ea2d8ff8c99ccaf35124b49c20894e92df82

  • SHA256

    a3575f530f130fc338946c0c6c4ac822007a36b4a860671383ce565cb77cbea0

  • SHA512

    f6d3924530ddb3dc5e1fbb7c864dbbdc517da5610248bde8f2c8628a135d89ad87654b90bde30cc94fe1e7ad0c31ab8e2556ccc4f9e4cc0684ffe5ab2c540901

  • SSDEEP

    12288:BVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1Q:wfP7fWsK5z9A+WGAW+V5SB6Ct4bnbQ

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      97013513eec319a4402a818111b261c0

    • Size

      1.8MB

    • MD5

      97013513eec319a4402a818111b261c0

    • SHA1

      fd02ea2d8ff8c99ccaf35124b49c20894e92df82

    • SHA256

      a3575f530f130fc338946c0c6c4ac822007a36b4a860671383ce565cb77cbea0

    • SHA512

      f6d3924530ddb3dc5e1fbb7c864dbbdc517da5610248bde8f2c8628a135d89ad87654b90bde30cc94fe1e7ad0c31ab8e2556ccc4f9e4cc0684ffe5ab2c540901

    • SSDEEP

      12288:BVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1Q:wfP7fWsK5z9A+WGAW+V5SB6Ct4bnbQ

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks