Overview

overview

10

Static

static

3

772c9a9a59...20.dll

windows7-x64

10

772c9a9a59...20.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20

  • Size

    908KB

  • Sample

    241014-vv65zawgjb

  • MD5

    b0125ea2f2268bfbaf1303fbe6ed2b19

  • SHA1

    046b69664e5e091563dbcf675197e076aca32e79

  • SHA256

    772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20

  • SHA512

    b3550b5eb6f07cdb4ec5e81a2c64470bea8191dda4920007fd2bdfa7c6fec977c90b7d62247b9f5d488e8df64c1abfb98494f986e353c9e143cc26eed1476099

  • SSDEEP

    12288:6qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:6qGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20

    • Size

      908KB

    • MD5

      b0125ea2f2268bfbaf1303fbe6ed2b19

    • SHA1

      046b69664e5e091563dbcf675197e076aca32e79

    • SHA256

      772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20

    • SHA512

      b3550b5eb6f07cdb4ec5e81a2c64470bea8191dda4920007fd2bdfa7c6fec977c90b7d62247b9f5d488e8df64c1abfb98494f986e353c9e143cc26eed1476099

    • SSDEEP

      12288:6qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:6qGBHTxvt+g2gYed

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks