Overview

overview

10

Static

static

3

d8f78241f9...aN.dll

windows7-x64

10

d8f78241f9...aN.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8f78241f9e732ff57f1f307c99d7e27796829927283172653634470ab9b90aaN.exe

  • Size

    900KB

  • Sample

    240924-xz4azszgrm

  • MD5

    338b828676d1d088ed1bd3a335e9b780

  • SHA1

    4bc3d044e35d9953a71ac426c212b6a3c9de509c

  • SHA256

    d8f78241f9e732ff57f1f307c99d7e27796829927283172653634470ab9b90aa

  • SHA512

    f4f97fcba6d28aad4cc05408cb97e96603b6cab093317457cf72a4c2474114d7dfbb85e0b1f381e1a56c55221db7f4d1cec54e846c31349258f4dd72e0d702e3

  • SSDEEP

    12288:MGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7Y:t3JAvRl/fKQKCgFfx4P/vaY

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      d8f78241f9e732ff57f1f307c99d7e27796829927283172653634470ab9b90aaN.exe

    • Size

      900KB

    • MD5

      338b828676d1d088ed1bd3a335e9b780

    • SHA1

      4bc3d044e35d9953a71ac426c212b6a3c9de509c

    • SHA256

      d8f78241f9e732ff57f1f307c99d7e27796829927283172653634470ab9b90aa

    • SHA512

      f4f97fcba6d28aad4cc05408cb97e96603b6cab093317457cf72a4c2474114d7dfbb85e0b1f381e1a56c55221db7f4d1cec54e846c31349258f4dd72e0d702e3

    • SSDEEP

      12288:MGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7Y:t3JAvRl/fKQKCgFfx4P/vaY

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks