dridex | a4028b0f6604c7aeecc2330ee67997f99ffe70e21215f9aeedf017967be7d9e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

6bea9c1a00...18.dll

windows7-x64

6bea9c1a00...18.dll

windows10-2004-x64

Sharing

General

Target

6bea9c1a003870ad52df8b2eb97fe986_JaffaCakes118
Size

1.4MB
Sample

240523-xexmpscc96
MD5

6bea9c1a003870ad52df8b2eb97fe986
SHA1

06ba82c8b99a00e35eee2bdda767680958e14cb8
SHA256

a4028b0f6604c7aeecc2330ee67997f99ffe70e21215f9aeedf017967be7d9e2
SHA512

2756a44868022d3706703628aba56cc8b2ce687e0adace62248b33576fed7b7d9d289a33aa3cae5e16120d3504f8d57d770cd503ce3d35674d76fe004c296689
SSDEEP

24576:RVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:RV8hf6STw1ZlQauvzSq01ICe6zvm

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6bea9c1a003870ad52df8b2eb97fe986_JaffaCakes118.dll

Resource

win7-20240508-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bea9c1a003870ad52df8b2eb97fe986_JaffaCakes118.dll

Resource

win10v2004-20240508-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bea9c1a003870ad52df8b2eb97fe986_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  6bea9c1a003870ad52df8b2eb97fe986
- SHA1
  
  06ba82c8b99a00e35eee2bdda767680958e14cb8
- SHA256
  
  a4028b0f6604c7aeecc2330ee67997f99ffe70e21215f9aeedf017967be7d9e2
- SHA512
  
  2756a44868022d3706703628aba56cc8b2ce687e0adace62248b33576fed7b7d9d289a33aa3cae5e16120d3504f8d57d770cd503ce3d35674d76fe004c296689
- SSDEEP
  
  24576:RVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:RV8hf6STw1ZlQauvzSq01ICe6zvm
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy