dridex | 00a4f5b50c281942629456327a8a4772f28e234abcb4dc6ecd755ff849714a93 | Triage

Submit
Reports

Overview

overview

Static

static

3

64aceb8bda...18.dll

windows7-x64

64aceb8bda...18.dll

windows10-2004-x64

Sharing

General

Target

64aceb8bda31f573a45db0ea2c70c918_JaffaCakes118
Size

872KB
Sample

241020-3qd8dsyeqj
MD5

64aceb8bda31f573a45db0ea2c70c918
SHA1

448bbb8dfded2f51b6b098cb2d650c961d0275b8
SHA256

00a4f5b50c281942629456327a8a4772f28e234abcb4dc6ecd755ff849714a93
SHA512

201c607317f291c84f417ca9b3c9c371c85140283c9d9279b62a8c46682224411ac3d612eafd95b606564893bea354df6af0ec7e443ae300e5862b591605e19f
SSDEEP

12288:SdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:kMIJxSDX3bqjhcfHk7MzH6z

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

64aceb8bda31f573a45db0ea2c70c918_JaffaCakes118.dll

Resource

win7-20240903-en

dridex botnet evasion payload persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

64aceb8bda31f573a45db0ea2c70c918_JaffaCakes118.dll

Resource

win10v2004-20241007-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  64aceb8bda31f573a45db0ea2c70c918_JaffaCakes118
- Size
  
  872KB
- MD5
  
  64aceb8bda31f573a45db0ea2c70c918
- SHA1
  
  448bbb8dfded2f51b6b098cb2d650c961d0275b8
- SHA256
  
  00a4f5b50c281942629456327a8a4772f28e234abcb4dc6ecd755ff849714a93
- SHA512
  
  201c607317f291c84f417ca9b3c9c371c85140283c9d9279b62a8c46682224411ac3d612eafd95b606564893bea354df6af0ec7e443ae300e5862b591605e19f
- SSDEEP
  
  12288:SdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:kMIJxSDX3bqjhcfHk7MzH6z
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Dridex payload
  Detects Dridex x64 core DLL in memory.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2025

Terms | Privacy