dridex | c4784888df9455b9bfb968f5a850a7d3496602ac4bb89850a72196c6b019a5c7 | Triage

Submit
Reports

Overview

overview

Static

static

3

5d61778105...18.dll

windows7-x64

5d61778105...18.dll

windows10-2004-x64

Sharing

General

Target

5d6177810543ee42ca372068d7fde06c_JaffaCakes118
Size

1.3MB
Sample

240520-f2exqsdd98
MD5

5d6177810543ee42ca372068d7fde06c
SHA1

bbdf85276539faac9f3224b69ed3137ff7de041b
SHA256

c4784888df9455b9bfb968f5a850a7d3496602ac4bb89850a72196c6b019a5c7
SHA512

ffcde566ba83b642c5c592f6ebd408712feff1c6abb2f1256f4b341b659b8a7d76a1b427664851b14e47c9e6ef6ecd06afd7f60aa8b9c5d4aa8a85f834ef1f12
SSDEEP

24576:IVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL870:IV8hf6STw1ZlQauvzSq01ICe6zvm

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d6177810543ee42ca372068d7fde06c_JaffaCakes118.dll

Resource

win7-20240221-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d6177810543ee42ca372068d7fde06c_JaffaCakes118.dll

Resource

win10v2004-20240426-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  5d6177810543ee42ca372068d7fde06c_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  5d6177810543ee42ca372068d7fde06c
- SHA1
  
  bbdf85276539faac9f3224b69ed3137ff7de041b
- SHA256
  
  c4784888df9455b9bfb968f5a850a7d3496602ac4bb89850a72196c6b019a5c7
- SHA512
  
  ffcde566ba83b642c5c592f6ebd408712feff1c6abb2f1256f4b341b659b8a7d76a1b427664851b14e47c9e6ef6ecd06afd7f60aa8b9c5d4aa8a85f834ef1f12
- SSDEEP
  
  24576:IVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL870:IV8hf6STw1ZlQauvzSq01ICe6zvm
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy