Overview

overview

10

Static

static

3

486becacbf...57.dll

windows7-x64

10

486becacbf...57.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    486becacbf7f93c89448318ceacafc3fff79c6caa82e3daf4091857b33326a57

  • Size

    940KB

  • Sample

    241011-wp7pzs1apk

  • MD5

    11be54b786128e0cd33b731becbbdf42

  • SHA1

    125ab787fdffe99ef10701ffc3b39f651324a9b5

  • SHA256

    486becacbf7f93c89448318ceacafc3fff79c6caa82e3daf4091857b33326a57

  • SHA512

    10b4229d9a37c2d1b2514c27c4e6525512220f29e6e056d47a1211720829a7edd5a7c996b7c29def21cc6296a96120b907725d8b78bff5686ce809ad9628d920

  • SSDEEP

    12288:gPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:gtKTrsKSKBTSb6DUXWq8

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      486becacbf7f93c89448318ceacafc3fff79c6caa82e3daf4091857b33326a57

    • Size

      940KB

    • MD5

      11be54b786128e0cd33b731becbbdf42

    • SHA1

      125ab787fdffe99ef10701ffc3b39f651324a9b5

    • SHA256

      486becacbf7f93c89448318ceacafc3fff79c6caa82e3daf4091857b33326a57

    • SHA512

      10b4229d9a37c2d1b2514c27c4e6525512220f29e6e056d47a1211720829a7edd5a7c996b7c29def21cc6296a96120b907725d8b78bff5686ce809ad9628d920

    • SSDEEP

      12288:gPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:gtKTrsKSKBTSb6DUXWq8

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks