dridex | 04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

04a38ad247...8N.dll

windows7-x64

04a38ad247...8N.dll

windows10-2004-x64

Sharing

General

Target

04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8N.exe
Size

820KB
Sample

241220-adcjtatnhy
MD5

af36893cc5b429fa02560e38cf3906f0
SHA1

f5430b9efe75be9bd867e952b292f3980bf49d75
SHA256

04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8
SHA512

310feb29f12d357b1c260c02a31c87e70b78d13e4f1c2e778a439747cac67f613bc7345894cb0b71102b1d45b63b20c1171a62edd2c8345cd00eae59621e1863
SSDEEP

6144:Th7RxJSC3VZLCEixjAoN6StM3LORFxz0Mn0G6oanXCW5DVQGVDmrvcJdR7OsDtom:Th9fKxjNoYxTw9XrRK0dBOJpy0RXR8p

Score

10^/10

dridex botnet discovery evasion loader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8N.dll

Resource

win7-20240903-en

dridex botnet discovery evasion loader persistence trojan

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8N.dll

Resource

win10v2004-20241007-en

dridex botnet discovery evasion loader persistence trojan

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8N.exe
- Size
  
  820KB
- MD5
  
  af36893cc5b429fa02560e38cf3906f0
- SHA1
  
  f5430b9efe75be9bd867e952b292f3980bf49d75
- SHA256
  
  04a38ad247b76dc07abd862aaed2bf751d79c3baf8cc683763c7284a30c6c5c8
- SHA512
  
  310feb29f12d357b1c260c02a31c87e70b78d13e4f1c2e778a439747cac67f613bc7345894cb0b71102b1d45b63b20c1171a62edd2c8345cd00eae59621e1863
- SSDEEP
  
  6144:Th7RxJSC3VZLCEixjAoN6StM3LORFxz0Mn0G6oanXCW5DVQGVDmrvcJdR7OsDtom:Th9fKxjNoYxTw9XrRK0dBOJpy0RXR8p
Score

10^/10

dridex botnet discovery evasion loader persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Loader 'dmod' strings
  Detects 'dmod' strings in Dridex loader.
  botnet loader
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdiscoveryevasionloaderpersistencetrojan

behavioral2

dridexbotnetdiscoveryevasionloaderpersistencetrojan

© 2018-2025

Terms | Privacy