Overview

overview

10

Static

static

3

1b5c27cfe8...d2.dll

windows7-x64

10

1b5c27cfe8...d2.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b5c27cfe83c97a8a00dffd74caa9464e5a52bd2ffcac5382db378ef008f49d2

  • Size

    1.5MB

  • Sample

    241012-bh5a3athkf

  • MD5

    39273691ed194c18055810147be4d04f

  • SHA1

    09e52e5ef498c927672313f1b9899d0697929bf1

  • SHA256

    1b5c27cfe83c97a8a00dffd74caa9464e5a52bd2ffcac5382db378ef008f49d2

  • SHA512

    923ab6d6db240e2605ae869ee9c05bc3bf15889c516a5a0fa7483065fb6a539dbcc28eaa1ad44ec7569da980117bca055255abf370fb6e2ba1846f283135859c

  • SSDEEP

    12288:lXBQ3fMQyWV0rbDxyBWZh2TvtgHoiemIKI1ydX7wmqzq3wkgJ:5B/Qn0rbD8UZUDtgIiemI51Mwtewkm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      1b5c27cfe83c97a8a00dffd74caa9464e5a52bd2ffcac5382db378ef008f49d2

    • Size

      1.5MB

    • MD5

      39273691ed194c18055810147be4d04f

    • SHA1

      09e52e5ef498c927672313f1b9899d0697929bf1

    • SHA256

      1b5c27cfe83c97a8a00dffd74caa9464e5a52bd2ffcac5382db378ef008f49d2

    • SHA512

      923ab6d6db240e2605ae869ee9c05bc3bf15889c516a5a0fa7483065fb6a539dbcc28eaa1ad44ec7569da980117bca055255abf370fb6e2ba1846f283135859c

    • SSDEEP

      12288:lXBQ3fMQyWV0rbDxyBWZh2TvtgHoiemIKI1ydX7wmqzq3wkgJ:5B/Qn0rbD8UZUDtgIiemI51Mwtewkm

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks