dridex | 8ca0b95833e6c67069f7d52cb78f4a7797d4e49f39732f10a7c704108b9c6bd0 | Triage

Sharing

General

Target

f5890e40ff7a685945058734e9649157_JaffaCakes118
Size

2.2MB
Sample

240417-l8v57abg52
MD5

f5890e40ff7a685945058734e9649157
SHA1

5bdbdbd9b3fdf3965712540ed80f577ef0c96d12
SHA256

8ca0b95833e6c67069f7d52cb78f4a7797d4e49f39732f10a7c704108b9c6bd0
SHA512

1a739cd30c1c21fc1a33a6e9fb902fca70943e4ac0529fca3e1a3f1d665ef4469b656178879df8889f2b728526c614689be6185e510d463782b87f6935d82c88
SSDEEP

12288:KVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:XfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  f5890e40ff7a685945058734e9649157_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  f5890e40ff7a685945058734e9649157
- SHA1
  
  5bdbdbd9b3fdf3965712540ed80f577ef0c96d12
- SHA256
  
  8ca0b95833e6c67069f7d52cb78f4a7797d4e49f39732f10a7c704108b9c6bd0
- SHA512
  
  1a739cd30c1c21fc1a33a6e9fb902fca70943e4ac0529fca3e1a3f1d665ef4469b656178879df8889f2b728526c614689be6185e510d463782b87f6935d82c88
- SSDEEP
  
  12288:KVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:XfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan