dridex | f929aa41bdd0ed0a0caaa89a180f6f5aec0fda92fcf627e80c7838bb8e86e7d1 | Triage

Sharing

General

Target

3e3c3c8c63d07d53471c045b4b8436f8_JaffaCakes118
Size

1.2MB
Sample

240513-hnp7nabc2w
MD5

3e3c3c8c63d07d53471c045b4b8436f8
SHA1

91dbeda1577541b699330a9c923888d2409e3e17
SHA256

f929aa41bdd0ed0a0caaa89a180f6f5aec0fda92fcf627e80c7838bb8e86e7d1
SHA512

7bb1fb036e417ab8ec2ce2866974051703606bb16d0227e0970e4b09eecfb4d2dadda06d5b14c22303fa83b14901f019c3b3efff4e39cf5788f6ea76721fea2d
SSDEEP

24576:7yTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:7yWRKTt/QlPVp3h9

Score

10^/10

dridex botnet evasion payload persistence trojan

Malware Config

Targets

- Target
  
  3e3c3c8c63d07d53471c045b4b8436f8_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  3e3c3c8c63d07d53471c045b4b8436f8
- SHA1
  
  91dbeda1577541b699330a9c923888d2409e3e17
- SHA256
  
  f929aa41bdd0ed0a0caaa89a180f6f5aec0fda92fcf627e80c7838bb8e86e7d1
- SHA512
  
  7bb1fb036e417ab8ec2ce2866974051703606bb16d0227e0970e4b09eecfb4d2dadda06d5b14c22303fa83b14901f019c3b3efff4e39cf5788f6ea76721fea2d
- SSDEEP
  
  24576:7yTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:7yWRKTt/QlPVp3h9
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan