Overview

overview

10

Static

static

3

05b76b5a9b...0N.dll

windows7-x64

10

05b76b5a9b...0N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05b76b5a9bd812690471e49f77601b60N.exe

  • Size

    1.3MB

  • Sample

    240804-z3kddszhkg

  • MD5

    05b76b5a9bd812690471e49f77601b60

  • SHA1

    a937bc2cae7cb618db8c71dccb6ffa84f668577e

  • SHA256

    2f31806a63ab5c10dae9614dcb8702ecf21f9cc6a91262cc75934dae299b534e

  • SHA512

    547485b7dc94388f7333988d9086d504c134b79f4e99124e53c5f0f172071abf98af1d7c2f49a7b854de69c2395703d5a763c5390e615de0962b41389bfd1251

  • SSDEEP

    12288:JZgJtlQepQn+NDo7nIgegQCLDF/B9wvj/cLvVZFuwM+:JZK6F7nVeRmDFJivohZFV

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      05b76b5a9bd812690471e49f77601b60N.exe

    • Size

      1.3MB

    • MD5

      05b76b5a9bd812690471e49f77601b60

    • SHA1

      a937bc2cae7cb618db8c71dccb6ffa84f668577e

    • SHA256

      2f31806a63ab5c10dae9614dcb8702ecf21f9cc6a91262cc75934dae299b534e

    • SHA512

      547485b7dc94388f7333988d9086d504c134b79f4e99124e53c5f0f172071abf98af1d7c2f49a7b854de69c2395703d5a763c5390e615de0962b41389bfd1251

    • SSDEEP

      12288:JZgJtlQepQn+NDo7nIgegQCLDF/B9wvj/cLvVZFuwM+:JZK6F7nVeRmDFJivohZFV

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks