dridex | 00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ce | Triage

Submit
Reports

Overview

overview

Static

static

3

00618be3f9...eN.dll

windows7-x64

00618be3f9...eN.dll

windows10-2004-x64

Resubmissions

18-12-2024 15:52

241218-ta7ekatqas 10

16-12-2024 07:51

241216-jp7zjaslcm 10

Sharing

General

Target

00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ceN.exe
Size

568KB
Sample

241216-jp7zjaslcm
MD5

f048bb8c1b5ade5b9355ada44754ee20
SHA1

2decea759ecc3fb70339b1fb89d63a38de068c74
SHA256

00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ce
SHA512

2e864d389c747b2404fb0fb5e40bfcf279450e311053e4380c106249bd735758f78b8553860be1bf5d32d632985b3329a62232432f54c799d1d7084a9e6d31e1
SSDEEP

12288:Uuk3YXIqcbbtIlbb02+dwwiUArwBEh/sFZt:Uu+YebtHxZArwBEh0Xt

Score

10^/10

dridex botnet discovery evasion loader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ceN.dll

Resource

win7-20240729-en

dridex botnet discovery evasion loader persistence trojan

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ceN.dll

Resource

win10v2004-20241007-en

dridex botnet discovery evasion loader persistence trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ceN.exe
- Size
  
  568KB
- MD5
  
  f048bb8c1b5ade5b9355ada44754ee20
- SHA1
  
  2decea759ecc3fb70339b1fb89d63a38de068c74
- SHA256
  
  00618be3f92c003935a183a91488eddda0c250e2d01eb0b12744ed66924578ce
- SHA512
  
  2e864d389c747b2404fb0fb5e40bfcf279450e311053e4380c106249bd735758f78b8553860be1bf5d32d632985b3329a62232432f54c799d1d7084a9e6d31e1
- SSDEEP
  
  12288:Uuk3YXIqcbbtIlbb02+dwwiUArwBEh/sFZt:Uu+YebtHxZArwBEh0Xt
Score

10^/10

dridex botnet discovery evasion loader persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader 'dmod' strings
  Detects 'dmod' strings in Dridex loader.
  botnet loader
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdiscoveryevasionloaderpersistencetrojan

behavioral2

dridexbotnetdiscoveryevasionloaderpersistencetrojan

© 2018-2025

Terms | Privacy