Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b6a95716e5...d8.dll

windows7-x64

10

b6a95716e5...d8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6a95716e500957dc3b9447faf3443d8

  • Size

    688KB

  • Sample

    240306-gh48ysdf28

  • MD5

    b6a95716e500957dc3b9447faf3443d8

  • SHA1

    efa033e42ed5c72417bb6cbe8d2dfb4705bce230

  • SHA256

    cfdf6cc09e2a199c461f5cab2c28a42e9d979cf64ac4af8e85d9ed5e97d9559a

  • SHA512

    9fb14331cd6b7a24c2ff6b0d9f196815e1774f66018af60cdb4405a1c251f9345e5c6a24172b813943f2be1e2a42c3e6d0595c9c9b5421facc6d29956e082c72

  • SSDEEP

    12288:VqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:VqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      b6a95716e500957dc3b9447faf3443d8

    • Size

      688KB

    • MD5

      b6a95716e500957dc3b9447faf3443d8

    • SHA1

      efa033e42ed5c72417bb6cbe8d2dfb4705bce230

    • SHA256

      cfdf6cc09e2a199c461f5cab2c28a42e9d979cf64ac4af8e85d9ed5e97d9559a

    • SHA512

      9fb14331cd6b7a24c2ff6b0d9f196815e1774f66018af60cdb4405a1c251f9345e5c6a24172b813943f2be1e2a42c3e6d0595c9c9b5421facc6d29956e082c72

    • SSDEEP

      12288:VqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:VqGBHTxvt+g2gYed

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks