Overview

overview

10

Static

static

3

5dd8bbc2a0...fd.dll

windows7-x64

10

5dd8bbc2a0...fd.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5dd8bbc2a06f32e7ae85158d378bf1c6ca1a03c766d36a350329958f02a77ffd

  • Size

    1.2MB

  • Sample

    241011-tkm4ns1bqa

  • MD5

    add78f4a51bc5a019c357ceb81094996

  • SHA1

    1d908cdabfa232ac577ed7ad302a4e774aa472e0

  • SHA256

    5dd8bbc2a06f32e7ae85158d378bf1c6ca1a03c766d36a350329958f02a77ffd

  • SHA512

    83b3429bc0871d28c48db7db15d44fe65e7b02fa9609fd9b357f571059c466743fa355b88163e48d36c7e9c8f16ff03080781feb282a5770d51c8bf5ba545298

  • SSDEEP

    12288:hPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8xy:htKTrsKSKBTSb6DUXWq8x

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      5dd8bbc2a06f32e7ae85158d378bf1c6ca1a03c766d36a350329958f02a77ffd

    • Size

      1.2MB

    • MD5

      add78f4a51bc5a019c357ceb81094996

    • SHA1

      1d908cdabfa232ac577ed7ad302a4e774aa472e0

    • SHA256

      5dd8bbc2a06f32e7ae85158d378bf1c6ca1a03c766d36a350329958f02a77ffd

    • SHA512

      83b3429bc0871d28c48db7db15d44fe65e7b02fa9609fd9b357f571059c466743fa355b88163e48d36c7e9c8f16ff03080781feb282a5770d51c8bf5ba545298

    • SSDEEP

      12288:hPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8xy:htKTrsKSKBTSb6DUXWq8x

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks