dridex | 11066c2e0a1b0fe58bc9584918054340aa58179a79a3c8c6da49c63801d8ff2a | Triage

Sharing

General

Target

JaffaCakes118_63fbef9c63dc9858707e03078f23f1ce
Size

2.4MB
Sample

250102-kzwjxsvkhz
MD5

63fbef9c63dc9858707e03078f23f1ce
SHA1

3a3aa0a1c6663551ee8e05fc2e6b17942fa83b96
SHA256

11066c2e0a1b0fe58bc9584918054340aa58179a79a3c8c6da49c63801d8ff2a
SHA512

e812c268e67ee8eeb46d6d8b50ca00c26e8db4784f99c15edd083b3583d999a1e65ffd46d7af87069d854b62edc956a26fe5ffd80d295efb2dd5126d6ed56956
SSDEEP

12288:tVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:0fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_63fbef9c63dc9858707e03078f23f1ce
- Size
  
  2.4MB
- MD5
  
  63fbef9c63dc9858707e03078f23f1ce
- SHA1
  
  3a3aa0a1c6663551ee8e05fc2e6b17942fa83b96
- SHA256
  
  11066c2e0a1b0fe58bc9584918054340aa58179a79a3c8c6da49c63801d8ff2a
- SHA512
  
  e812c268e67ee8eeb46d6d8b50ca00c26e8db4784f99c15edd083b3583d999a1e65ffd46d7af87069d854b62edc956a26fe5ffd80d295efb2dd5126d6ed56956
- SSDEEP
  
  12288:tVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:0fP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Score

10^/10

dridex botnet evasion payload persistence trojan privilege_escalation
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan