dridex | cd1bd457f42d8afb53753b2e986ad3b7bfee9e0ba1bf97c3f71eda63433d77e4 | Triage

Submit
Reports

Overview

overview

Static

static

3

d8cf023eb8...18.dll

windows7-x64

d8cf023eb8...18.dll

windows10-2004-x64

Sharing

General

Target

d8cf023eb8750f452b685ed59fe62820_JaffaCakes118
Size

1.2MB
Sample

240910-w7pbcszckd
MD5

d8cf023eb8750f452b685ed59fe62820
SHA1

b4be377b765f4efbee22a39d3d55bdbf0556477e
SHA256

cd1bd457f42d8afb53753b2e986ad3b7bfee9e0ba1bf97c3f71eda63433d77e4
SHA512

41c72ff1cecea5ee4f4e80d3b5b15c6da227ab0b3c1ae884717e21eb22b38fe5430cef6421cbaa092bf5f137b47a35b4c1eb7cf91cd0e116880fdb8c656ae5f0
SSDEEP

24576:DuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:t9cKrUqZWLAcU

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d8cf023eb8750f452b685ed59fe62820_JaffaCakes118.dll

Resource

win7-20240903-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d8cf023eb8750f452b685ed59fe62820_JaffaCakes118.dll

Resource

win10v2004-20240802-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d8cf023eb8750f452b685ed59fe62820_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  d8cf023eb8750f452b685ed59fe62820
- SHA1
  
  b4be377b765f4efbee22a39d3d55bdbf0556477e
- SHA256
  
  cd1bd457f42d8afb53753b2e986ad3b7bfee9e0ba1bf97c3f71eda63433d77e4
- SHA512
  
  41c72ff1cecea5ee4f4e80d3b5b15c6da227ab0b3c1ae884717e21eb22b38fe5430cef6421cbaa092bf5f137b47a35b4c1eb7cf91cd0e116880fdb8c656ae5f0
- SSDEEP
  
  24576:DuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:t9cKrUqZWLAcU
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy