Overview

overview

10

Static

static

3

4c0249819c...aa.dll

windows7-x64

10

4c0249819c...aa.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c0249819c9ceee38ab90401687c1f349ae91e260f8323835b0388504402e8aa

  • Size

    692KB

  • Sample

    241016-jfh9tatfnp

  • MD5

    e9531680b8f5142d44285991f2709e0a

  • SHA1

    45d9e59a69ddade77a8f3b4f0edb6deb18e8d3b6

  • SHA256

    4c0249819c9ceee38ab90401687c1f349ae91e260f8323835b0388504402e8aa

  • SHA512

    dbb8b8208e7f6ebf90a715963d9fdbfdb29c66ce079c9b805f116064e5ffbd334f5ef958279460ac3193a1610eca25d90f7e63c078b0e70369c2d0bef3262617

  • SSDEEP

    12288:AqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:AqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      4c0249819c9ceee38ab90401687c1f349ae91e260f8323835b0388504402e8aa

    • Size

      692KB

    • MD5

      e9531680b8f5142d44285991f2709e0a

    • SHA1

      45d9e59a69ddade77a8f3b4f0edb6deb18e8d3b6

    • SHA256

      4c0249819c9ceee38ab90401687c1f349ae91e260f8323835b0388504402e8aa

    • SHA512

      dbb8b8208e7f6ebf90a715963d9fdbfdb29c66ce079c9b805f116064e5ffbd334f5ef958279460ac3193a1610eca25d90f7e63c078b0e70369c2d0bef3262617

    • SSDEEP

      12288:AqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:AqGBHTxvt+g2gYed

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks