dridex | 0f03f9d5f8d994375513f8839941e3784843030583098a0b7baace0ef9c896a8 | Triage

Submit
Reports

Overview

overview

Static

static

3

2ff600654e...18.dll

windows7-x64

2ff600654e...18.dll

windows10-2004-x64

Sharing

General

Target

2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118
Size

1.2MB
Sample

240510-tnwj8ahd68
MD5

2ff600654e8bc24df8ca6ae128b918c1
SHA1

8a77bb477ae20d0376cabf30661e79d01b0b9262
SHA256

0f03f9d5f8d994375513f8839941e3784843030583098a0b7baace0ef9c896a8
SHA512

5f92fbd30bf99d66b3571d0c66b3e65e678aaa04bc239630b7ba7da452544fa790df4f96d2e9e41928bc48bf23ca193668fc0ad813ddce6217cfb2bddb3555d8
SSDEEP

24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118.dll

Resource

win7-20240221-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118.dll

Resource

win10v2004-20240508-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  2ff600654e8bc24df8ca6ae128b918c1
- SHA1
  
  8a77bb477ae20d0376cabf30661e79d01b0b9262
- SHA256
  
  0f03f9d5f8d994375513f8839941e3784843030583098a0b7baace0ef9c896a8
- SHA512
  
  5f92fbd30bf99d66b3571d0c66b3e65e678aaa04bc239630b7ba7da452544fa790df4f96d2e9e41928bc48bf23ca193668fc0ad813ddce6217cfb2bddb3555d8
- SSDEEP
  
  24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy