Overview

overview

10

Static

static

3

82bbb37f2e...8b.dll

windows7-x64

10

82bbb37f2e...8b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b

  • Size

    720KB

  • Sample

    241014-x3p8jawbmp

  • MD5

    063b08ece19964bb44c048bdaf338d0c

  • SHA1

    629c98179cd6f9dd0d642305ba7ce56525833c6c

  • SHA256

    82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b

  • SHA512

    c9374043f8b06799b2fc49c88c5b26e838dbd9ac28f87fa4293cbd1775b67d1ded3eacd62c02c4230c694114f65b078dfa6fb196510e0106c9e32a96bd1484f7

  • SSDEEP

    12288:HqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4BaedXlS:HqGBHTxvt+g2gYedXlS

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b

    • Size

      720KB

    • MD5

      063b08ece19964bb44c048bdaf338d0c

    • SHA1

      629c98179cd6f9dd0d642305ba7ce56525833c6c

    • SHA256

      82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b

    • SHA512

      c9374043f8b06799b2fc49c88c5b26e838dbd9ac28f87fa4293cbd1775b67d1ded3eacd62c02c4230c694114f65b078dfa6fb196510e0106c9e32a96bd1484f7

    • SSDEEP

      12288:HqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4BaedXlS:HqGBHTxvt+g2gYedXlS

    Score
    10/10
    dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks