dridex | 57f113bc0d460ba8e1749e7f6adce5d8c895516b193bbe9ae6395e26e8b9273e | Triage

Sharing

General

Target

ecf41eed01b51896a22420497a67777d_JaffaCakes118
Size

2.9MB
Sample

240411-jzbzvafc92
MD5

ecf41eed01b51896a22420497a67777d
SHA1

1c960b966c49ce5f8c30676469f5ba470e3d1706
SHA256

57f113bc0d460ba8e1749e7f6adce5d8c895516b193bbe9ae6395e26e8b9273e
SHA512

205ce72c7fca3bd646995d2a5ffad654e2f91516a1f729fd9b06aace74bddda06a95b50c000edcc57678072fed18eabfbefd165a7c552fe2cffdbf48c63824c2
SSDEEP

12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  ecf41eed01b51896a22420497a67777d_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  ecf41eed01b51896a22420497a67777d
- SHA1
  
  1c960b966c49ce5f8c30676469f5ba470e3d1706
- SHA256
  
  57f113bc0d460ba8e1749e7f6adce5d8c895516b193bbe9ae6395e26e8b9273e
- SHA512
  
  205ce72c7fca3bd646995d2a5ffad654e2f91516a1f729fd9b06aace74bddda06a95b50c000edcc57678072fed18eabfbefd165a7c552fe2cffdbf48c63824c2
- SSDEEP
  
  12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan