Overview

overview

10

Static

static

3

03fa00884c...d8.dll

windows7-x64

10

03fa00884c...d8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03fa00884cf73c17010e554ad52bc98e56e57b176a11e524bd98a8af6fb8c9d8

  • Size

    796KB

  • Sample

    241219-x8tsxayldn

  • MD5

    2f586014e2b096df6dfdd8015e326a3d

  • SHA1

    6b37190de9e2cf9f5be9c54c49550799fc1d2651

  • SHA256

    03fa00884cf73c17010e554ad52bc98e56e57b176a11e524bd98a8af6fb8c9d8

  • SHA512

    5131ddf71a528ae982426f660776c742db9b85a9c955c496425b1d86fc12f3886563f9f537f3bc2ad02448772f288a2ed37d46ac68f4af9ed092de78c069c3ad

  • SSDEEP

    12288:RBHgxzPkHLCZmx0Kvf27MV5SlZvuAYr42Xq0:RB8sHwEf27Mn5br42Xd

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      03fa00884cf73c17010e554ad52bc98e56e57b176a11e524bd98a8af6fb8c9d8

    • Size

      796KB

    • MD5

      2f586014e2b096df6dfdd8015e326a3d

    • SHA1

      6b37190de9e2cf9f5be9c54c49550799fc1d2651

    • SHA256

      03fa00884cf73c17010e554ad52bc98e56e57b176a11e524bd98a8af6fb8c9d8

    • SHA512

      5131ddf71a528ae982426f660776c742db9b85a9c955c496425b1d86fc12f3886563f9f537f3bc2ad02448772f288a2ed37d46ac68f4af9ed092de78c069c3ad

    • SSDEEP

      12288:RBHgxzPkHLCZmx0Kvf27MV5SlZvuAYr42Xq0:RB8sHwEf27Mn5br42Xd

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks