dridex | a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252 | Triage

Submit
Reports

Overview

overview

Static

static

3

a3c82a5d04...52.dll

windows7-x64

a3c82a5d04...52.dll

windows10-2004-x64

Sharing

General

Target

a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252
Size

936KB
Sample

241011-wr1z8a1bmp
MD5

03b5687f88d38e7633c38da183cf2136
SHA1

bc436ad961d5695942a16cdaf5537557303ed395
SHA256

a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252
SHA512

cbea474e44f0c9cff8cf9d4cc1dfcc3578bb49030668fbd0f5fdcc01cf110cb5582a833a2abeae39b17ea2366d6d2706231bfcae56c7c1db0da11039c528ec68
SSDEEP

12288:LPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:LtKTrsKSKBTSb6DUXWq8

Score

10^/10

dridex botnet evasion payload persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252.dll

Resource

win7-20240903-en

dridex botnet evasion payload persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252.dll

Resource

win10v2004-20241007-en

dridex botnet evasion payload persistence privilege_escalation trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252
- Size
  
  936KB
- MD5
  
  03b5687f88d38e7633c38da183cf2136
- SHA1
  
  bc436ad961d5695942a16cdaf5537557303ed395
- SHA256
  
  a3c82a5d0423dd286da22159254ce44db5fadc717abfe58240ab7bbf1acfd252
- SHA512
  
  cbea474e44f0c9cff8cf9d4cc1dfcc3578bb49030668fbd0f5fdcc01cf110cb5582a833a2abeae39b17ea2366d6d2706231bfcae56c7c1db0da11039c528ec68
- SSDEEP
  
  12288:LPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:LtKTrsKSKBTSb6DUXWq8
Score

10^/10

dridex botnet evasion payload persistence trojan privilege_escalation
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Dridex payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy