General
-
Target
Trojan.Win64.Dridex.ASFS.MTB-3f3ad389e9541bbce7ff09e031de4105c89ad468be01b7ef7310f189e2b98642N
-
Size
968KB
-
Sample
240916-d9gp7axdng
-
MD5
2f6f37b1fbcaef784678f6c7c28b0000
-
SHA1
a95e2e1be2d3ff1981431b0410d085c26f3cee23
-
SHA256
3f3ad389e9541bbce7ff09e031de4105c89ad468be01b7ef7310f189e2b98642
-
SHA512
00a7e7919324f165262a70fcdd581b68ce7ff8a7ced313b6f8ba8511f20caf2c002a8bdc803a21d5263fde986691112649653ecf6a4fe27bdaab9248cf16e197
-
SSDEEP
12288:LfJV6EzPTIzQF9mVz5wYacR/8HiFeQBsjgyvunuAoA2U3PxyWhD:LhVXu8mZ5racR/xFejmnuAD2U3Prh
Malware Config
Targets
-
-
Target
Trojan.Win64.Dridex.ASFS.MTB-3f3ad389e9541bbce7ff09e031de4105c89ad468be01b7ef7310f189e2b98642N
-
Size
968KB
-
MD5
2f6f37b1fbcaef784678f6c7c28b0000
-
SHA1
a95e2e1be2d3ff1981431b0410d085c26f3cee23
-
SHA256
3f3ad389e9541bbce7ff09e031de4105c89ad468be01b7ef7310f189e2b98642
-
SHA512
00a7e7919324f165262a70fcdd581b68ce7ff8a7ced313b6f8ba8511f20caf2c002a8bdc803a21d5263fde986691112649653ecf6a4fe27bdaab9248cf16e197
-
SSDEEP
12288:LfJV6EzPTIzQF9mVz5wYacR/8HiFeQBsjgyvunuAoA2U3PxyWhD:LhVXu8mZ5racR/xFejmnuAD2U3Prh
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-