dridex | 6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf | Triage

Submit
Reports

Overview

overview

Static

static

3

6148532826...bf.dll

windows7-x64

6148532826...bf.dll

windows10-2004-x64

Sharing

General

Target

6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf
Size

728KB
Sample

241014-x67xrawcqp
MD5

3a325295832f70c883b27b87efa606c6
SHA1

920e9216016a61f1323024604facdb3fa3d4739a
SHA256

6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf
SHA512

8908496ecd06be35afaf723601ec8478f8b6d1805bf390f5fbb2301db21d0872b0b63f4dbdfb1f9d03db8ecd721a697a49a6eb79d6d5d3e2f173e3176cc7c05f
SSDEEP

12288:pqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:pqGBHTxvt+g2gYed

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf.dll

Resource

win7-20240903-en

dridex botnet evasion payload persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf.dll

Resource

win10v2004-20241007-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf
- Size
  
  728KB
- MD5
  
  3a325295832f70c883b27b87efa606c6
- SHA1
  
  920e9216016a61f1323024604facdb3fa3d4739a
- SHA256
  
  6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf
- SHA512
  
  8908496ecd06be35afaf723601ec8478f8b6d1805bf390f5fbb2301db21d0872b0b63f4dbdfb1f9d03db8ecd721a697a49a6eb79d6d5d3e2f173e3176cc7c05f
- SSDEEP
  
  12288:pqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:pqGBHTxvt+g2gYed
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Dridex payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy