Overview

overview

10

Static

static

3

44b1063452...cb.dll

windows7-x64

10

44b1063452...cb.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44b1063452fdb12ba26b5e6c2b2b1f71330b165f1ab8cbb2f199c048f519e8cb

  • Size

    940KB

  • Sample

    241011-y4fk6awgjm

  • MD5

    2d9b177ec1f707009b9a808af771d99a

  • SHA1

    a390ee7e32d4c73c0eca3b23134cd990684d4a67

  • SHA256

    44b1063452fdb12ba26b5e6c2b2b1f71330b165f1ab8cbb2f199c048f519e8cb

  • SHA512

    bcc1b7b6a32d43adfb20e81b095d842a1d7c0e197a1f742189cfbdd6fe96f24336f39de968f304ab7955ce66197aaf9ff3a99e12252eadd5adfe6ee6b94849d7

  • SSDEEP

    12288:CPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:CtKTrsKSKBTSb6DUXWq8

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      44b1063452fdb12ba26b5e6c2b2b1f71330b165f1ab8cbb2f199c048f519e8cb

    • Size

      940KB

    • MD5

      2d9b177ec1f707009b9a808af771d99a

    • SHA1

      a390ee7e32d4c73c0eca3b23134cd990684d4a67

    • SHA256

      44b1063452fdb12ba26b5e6c2b2b1f71330b165f1ab8cbb2f199c048f519e8cb

    • SHA512

      bcc1b7b6a32d43adfb20e81b095d842a1d7c0e197a1f742189cfbdd6fe96f24336f39de968f304ab7955ce66197aaf9ff3a99e12252eadd5adfe6ee6b94849d7

    • SSDEEP

      12288:CPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:CtKTrsKSKBTSb6DUXWq8

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks