Overview

overview

10

Static

static

3

8025132bca...9N.dll

windows7-x64

10

8025132bca...9N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9N.exe

  • Size

    668KB

  • Sample

    241129-eqfjfsvkby

  • MD5

    cb9ab1885f0cd6d07f21394cfc141ea0

  • SHA1

    03e106e193e40c8de8965a6a34330bd202016dd2

  • SHA256

    8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9

  • SHA512

    dd5c17633f836f956bc1fc7d7076a833177e1ec9e3f609aea25ab6659b88844ae755360cf1e15c193097cbb95ee1443e32391fbe7ee471817177c7228451bfa5

  • SSDEEP

    6144:F34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:FIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9N.exe

    • Size

      668KB

    • MD5

      cb9ab1885f0cd6d07f21394cfc141ea0

    • SHA1

      03e106e193e40c8de8965a6a34330bd202016dd2

    • SHA256

      8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9

    • SHA512

      dd5c17633f836f956bc1fc7d7076a833177e1ec9e3f609aea25ab6659b88844ae755360cf1e15c193097cbb95ee1443e32391fbe7ee471817177c7228451bfa5

    • SSDEEP

      6144:F34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:FIKp/UWCZdCDh2IZDwAFRpR6Au

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks