dridex | 6ee00d8356339095b8dcc714a2b6c5bc438ca13a0b292963918b2702cdd5e75a | Triage

Submit
Reports

Overview

overview

Static

static

3

5d854e90c9...18.dll

windows7-x64

5d854e90c9...18.dll

windows10-2004-x64

Sharing

General

Target

5d854e90c9ce59c4a156aa7818aec934_JaffaCakes118
Size

1.4MB
Sample

240520-gpwkdsef27
MD5

5d854e90c9ce59c4a156aa7818aec934
SHA1

8ea2082c93e1bd69b654750b324ca6441874231b
SHA256

6ee00d8356339095b8dcc714a2b6c5bc438ca13a0b292963918b2702cdd5e75a
SHA512

7d39f53fa199f5ed6a440d3418b489a268884e355e012b132d25914dbb52d586d048f298a5bde3749661006a050ec1330adb2ecf6819dcb22a640892f7786806
SSDEEP

24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d854e90c9ce59c4a156aa7818aec934_JaffaCakes118.dll

Resource

win7-20240215-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d854e90c9ce59c4a156aa7818aec934_JaffaCakes118.dll

Resource

win10v2004-20240226-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5d854e90c9ce59c4a156aa7818aec934_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  5d854e90c9ce59c4a156aa7818aec934
- SHA1
  
  8ea2082c93e1bd69b654750b324ca6441874231b
- SHA256
  
  6ee00d8356339095b8dcc714a2b6c5bc438ca13a0b292963918b2702cdd5e75a
- SHA512
  
  7d39f53fa199f5ed6a440d3418b489a268884e355e012b132d25914dbb52d586d048f298a5bde3749661006a050ec1330adb2ecf6819dcb22a640892f7786806
- SSDEEP
  
  24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy