Overview

overview

10

Static

static

3

582465ca47...2f.dll

windows7-x64

10

582465ca47...2f.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    582465ca47042194af55732c39ecd86302618b932f5b6608c9b1b825c112042f

  • Size

    696KB

  • Sample

    241016-jc985azaqd

  • MD5

    0a3cf587cfebb06a98eb27d2200ddf2a

  • SHA1

    cb58b536bfb54b7ee2795a8939361465a8cb262e

  • SHA256

    582465ca47042194af55732c39ecd86302618b932f5b6608c9b1b825c112042f

  • SHA512

    806a83b20039618e181ccb87f9658cdb6dd25cef4b59d3bfc7c3a65381f1b67440e015dfe4f756f3c7e05ec05f3bba06732e32e51ddabc1295b803254ab9fd0f

  • SSDEEP

    12288:BqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:BqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      582465ca47042194af55732c39ecd86302618b932f5b6608c9b1b825c112042f

    • Size

      696KB

    • MD5

      0a3cf587cfebb06a98eb27d2200ddf2a

    • SHA1

      cb58b536bfb54b7ee2795a8939361465a8cb262e

    • SHA256

      582465ca47042194af55732c39ecd86302618b932f5b6608c9b1b825c112042f

    • SHA512

      806a83b20039618e181ccb87f9658cdb6dd25cef4b59d3bfc7c3a65381f1b67440e015dfe4f756f3c7e05ec05f3bba06732e32e51ddabc1295b803254ab9fd0f

    • SSDEEP

      12288:BqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:BqGBHTxvt+g2gYed

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks