Overview

overview

10

Static

static

3

aa428ec3bd...a9.dll

windows7-x64

10

aa428ec3bd...a9.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    aa428ec3bdbf6de2917f1292e4bdd1a9

  • Size

    1.7MB

  • Sample

    240227-1vjmkace48

  • MD5

    aa428ec3bdbf6de2917f1292e4bdd1a9

  • SHA1

    3955d1512e02a81155eed6861e812f70cc590887

  • SHA256

    c785a692f4504dbef9b3986de9a740fc2baf601d2ecf29cc689074f3cfd6cfd2

  • SHA512

    3d869061279ce840acbd5bbc92e319e2d24cad5cafb850c56e9d39ee419adcbafbc72402953d6bae18b64a6a545e443ae658f2affe89a38d357a82432134745d

  • SSDEEP

    12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ18U8wB:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb8

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      aa428ec3bdbf6de2917f1292e4bdd1a9

    • Size

      1.7MB

    • MD5

      aa428ec3bdbf6de2917f1292e4bdd1a9

    • SHA1

      3955d1512e02a81155eed6861e812f70cc590887

    • SHA256

      c785a692f4504dbef9b3986de9a740fc2baf601d2ecf29cc689074f3cfd6cfd2

    • SHA512

      3d869061279ce840acbd5bbc92e319e2d24cad5cafb850c56e9d39ee419adcbafbc72402953d6bae18b64a6a545e443ae658f2affe89a38d357a82432134745d

    • SSDEEP

      12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ18U8wB:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb8

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks