dridex | 21280839f181a8a6ec98610ac1892982f615436d181dc3b61c1757110c30d55b | Triage

Sharing

General

Target

f145ded8adffede5b3d53034a30e3e02_JaffaCakes118
Size

660KB
Sample

240415-rrnbxage86
MD5

f145ded8adffede5b3d53034a30e3e02
SHA1

d505fc84e34375b15500eb872b19e94421ded6b1
SHA256

21280839f181a8a6ec98610ac1892982f615436d181dc3b61c1757110c30d55b
SHA512

7306e149a6bd1c7952705821da0bdd3d83e3827ead79d5f7cea472d641f9b22baad49fa15d6db9c99e54ffa1582b343b6a8215fad4d65bd72197b93b8ba0288d
SSDEEP

12288:tKYQ5LL540CV3UIeLPrleV1F0e8gMA/9L0l3HATpKR4:MYQ5p4f0POF0nkls3opKR

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  f145ded8adffede5b3d53034a30e3e02_JaffaCakes118
- Size
  
  660KB
- MD5
  
  f145ded8adffede5b3d53034a30e3e02
- SHA1
  
  d505fc84e34375b15500eb872b19e94421ded6b1
- SHA256
  
  21280839f181a8a6ec98610ac1892982f615436d181dc3b61c1757110c30d55b
- SHA512
  
  7306e149a6bd1c7952705821da0bdd3d83e3827ead79d5f7cea472d641f9b22baad49fa15d6db9c99e54ffa1582b343b6a8215fad4d65bd72197b93b8ba0288d
- SSDEEP
  
  12288:tKYQ5LL540CV3UIeLPrleV1F0e8gMA/9L0l3HATpKR4:MYQ5p4f0POF0nkls3opKR
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan