Overview

overview

10

Static

static

3

af901d0533...00.dll

windows7-x64

10

af901d0533...00.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af901d0533a3adcfec12e7844859f70bd22dffc6e83c54fd48cf13cdabc77600

  • Size

    904KB

  • Sample

    241014-vv65zazhnm

  • MD5

    40d159e05ca3922e4c803ccf5614a085

  • SHA1

    577e7196c8d2a022a49cc0381f9dea716c577be4

  • SHA256

    af901d0533a3adcfec12e7844859f70bd22dffc6e83c54fd48cf13cdabc77600

  • SHA512

    6be1af6877eea2b53ecfdd32596ba9b8465b3885537cb7847a9795b2f92effdf8fafeb654113bceca62c83045fe9c717a2543ee215543b517c85d420745fa67f

  • SSDEEP

    12288:SqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:SqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      af901d0533a3adcfec12e7844859f70bd22dffc6e83c54fd48cf13cdabc77600

    • Size

      904KB

    • MD5

      40d159e05ca3922e4c803ccf5614a085

    • SHA1

      577e7196c8d2a022a49cc0381f9dea716c577be4

    • SHA256

      af901d0533a3adcfec12e7844859f70bd22dffc6e83c54fd48cf13cdabc77600

    • SHA512

      6be1af6877eea2b53ecfdd32596ba9b8465b3885537cb7847a9795b2f92effdf8fafeb654113bceca62c83045fe9c717a2543ee215543b517c85d420745fa67f

    • SSDEEP

      12288:SqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:SqGBHTxvt+g2gYed

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks