dridex | c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f | Triage

Submit
Reports

Overview

overview

Static

static

3

c993b31ce4...5f.dll

windows7-x64

c993b31ce4...5f.dll

windows10-2004-x64

Sharing

General

Target

c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f
Size

940KB
Sample

240913-cn82waycjr
MD5

eac9db11159f94acffc10b94097debea
SHA1

c2b90ec31a8ba440f14131e5598cecdc65db300a
SHA256

c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f
SHA512

4c33638e34a9dcd5f05dab7f212c3dd8c0f293f5f61eb582420171712b27474fa043f1649a6e35c07f1c32afeb981027d14c6fae1361d788c29bb5144e109911
SSDEEP

12288:H0YTYL6Mqi7W8xto9OpWswk1GNup1XhBmsUqOZEYUANgBomHGe0zcPTP3E:H0CYZWgtWkEuHXhBmLHeuWBomaiP

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f.dll

Resource

win7-20240903-en

dridex botnet evasion payload persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f.dll

Resource

win10v2004-20240802-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f
- Size
  
  940KB
- MD5
  
  eac9db11159f94acffc10b94097debea
- SHA1
  
  c2b90ec31a8ba440f14131e5598cecdc65db300a
- SHA256
  
  c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f
- SHA512
  
  4c33638e34a9dcd5f05dab7f212c3dd8c0f293f5f61eb582420171712b27474fa043f1649a6e35c07f1c32afeb981027d14c6fae1361d788c29bb5144e109911
- SSDEEP
  
  12288:H0YTYL6Mqi7W8xto9OpWswk1GNup1XhBmsUqOZEYUANgBomHGe0zcPTP3E:H0CYZWgtWkEuHXhBmLHeuWBomaiP
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Dridex payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2025

Terms | Privacy