dridex | 3d449ea0c6fff71b470c6f67645402d3a298992fad75df90c9beecf2b97abb75 | Triage

Sharing

General

Target

f51fa980fe11d1119e65babd70ce60db_JaffaCakes118
Size

1.4MB
Sample

240417-f2d1faee99
MD5

f51fa980fe11d1119e65babd70ce60db
SHA1

d0387a6d9a75f7e2f9831c7ccf90f76ff4986c98
SHA256

3d449ea0c6fff71b470c6f67645402d3a298992fad75df90c9beecf2b97abb75
SHA512

75cdec3a714e1ae85097a2793cfa4107ab2e861bc72ff05648e29d882bd2825733e98746c6c0292fea4a3ecf0c946f74d2b85bc09f2f9689bf40af422f797d33
SSDEEP

12288:QVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:VfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  f51fa980fe11d1119e65babd70ce60db_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  f51fa980fe11d1119e65babd70ce60db
- SHA1
  
  d0387a6d9a75f7e2f9831c7ccf90f76ff4986c98
- SHA256
  
  3d449ea0c6fff71b470c6f67645402d3a298992fad75df90c9beecf2b97abb75
- SHA512
  
  75cdec3a714e1ae85097a2793cfa4107ab2e861bc72ff05648e29d882bd2825733e98746c6c0292fea4a3ecf0c946f74d2b85bc09f2f9689bf40af422f797d33
- SSDEEP
  
  12288:QVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:VfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan