Overview

overview

10

Static

static

3

2c95150a2a...eN.dll

windows7-x64

10

2c95150a2a...eN.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7deN

  • Size

    1.2MB

  • Sample

    240919-l9cp8stemm

  • MD5

    19bc6fec7b7314abf0768d9d7164a4d0

  • SHA1

    36c9ef09c516d62c1b1bc07062764c7cf4619e43

  • SHA256

    2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7de

  • SHA512

    0f229a6c8546871b01e8ebb60720bc037a4d31bab95d49d843afdbc45d532f201fe0406550f74cc900eb8b3eadbcd2a0024529a2c223147f346f52c4b663b8ac

  • SSDEEP

    12288:qxE0waBckFdlxVRZ1hcyknDb3PTdcGvnx10k2d2Y6q2mQpx:aZLVJxVHfcLnDTZcG/xmk2d2qZw

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7deN

    • Size

      1.2MB

    • MD5

      19bc6fec7b7314abf0768d9d7164a4d0

    • SHA1

      36c9ef09c516d62c1b1bc07062764c7cf4619e43

    • SHA256

      2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7de

    • SHA512

      0f229a6c8546871b01e8ebb60720bc037a4d31bab95d49d843afdbc45d532f201fe0406550f74cc900eb8b3eadbcd2a0024529a2c223147f346f52c4b663b8ac

    • SSDEEP

      12288:qxE0waBckFdlxVRZ1hcyknDb3PTdcGvnx10k2d2Y6q2mQpx:aZLVJxVHfcLnDTZcG/xmk2d2qZw

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks