Overview

overview

10

Static

static

3

7c3a8e39ca...0N.dll

windows7-x64

10

7c3a8e39ca...0N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c3a8e39caaba9e165b6efabcc252390N.exe

  • Size

    1.2MB

  • Sample

    240813-f3admswejh

  • MD5

    7c3a8e39caaba9e165b6efabcc252390

  • SHA1

    60d37686a60274736af35b4c2b925d02fe78b551

  • SHA256

    95e951126f8b7bbc7efe78abad5a9d6db1a53675843cb48847377b8cbfbdc67f

  • SHA512

    e08a4c05041bbc83772e31d472547ee0ddb0c246e9eaa271952d40410cc8a573b920e7d1375d6708598a3b7ca9846b152466d4451bc16a3555ea36c84679f66d

  • SSDEEP

    12288:mZgJtlQepQn+NDo7nIgegQCLDF/B9wvj/cLvVZFuw:mZK6F7nVeRmDFJivohZFV

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      7c3a8e39caaba9e165b6efabcc252390N.exe

    • Size

      1.2MB

    • MD5

      7c3a8e39caaba9e165b6efabcc252390

    • SHA1

      60d37686a60274736af35b4c2b925d02fe78b551

    • SHA256

      95e951126f8b7bbc7efe78abad5a9d6db1a53675843cb48847377b8cbfbdc67f

    • SHA512

      e08a4c05041bbc83772e31d472547ee0ddb0c246e9eaa271952d40410cc8a573b920e7d1375d6708598a3b7ca9846b152466d4451bc16a3555ea36c84679f66d

    • SSDEEP

      12288:mZgJtlQepQn+NDo7nIgegQCLDF/B9wvj/cLvVZFuw:mZK6F7nVeRmDFJivohZFV

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks