dridex | 12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0 | Triage

Sharing

General

Target

12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0N.exe
Size

800KB
Sample

250112-v4tw1atrhp
MD5

5dbc2a1522bc37b5103a1cbcd8fb0520
SHA1

ca646063f9e2cc6ca352f0bb81d67d9aef78a02f
SHA256

12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0
SHA512

51768b4c6a6396ba6282bb3d5f3347440e884a1f258d40f2567b09564b429c676e211f8f610961c5eda27b0fb7e64c29ad0a888c9cd75df584d22c60cc3a5033
SSDEEP

12288:wGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7wEN:h3JAvRl/fKQKCgFfx4P/vaw

Score

10^/10

dridex botnet discovery evasion payload persistence trojan

Malware Config

Targets

- Target
  
  12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0N.exe
- Size
  
  800KB
- MD5
  
  5dbc2a1522bc37b5103a1cbcd8fb0520
- SHA1
  
  ca646063f9e2cc6ca352f0bb81d67d9aef78a02f
- SHA256
  
  12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0
- SHA512
  
  51768b4c6a6396ba6282bb3d5f3347440e884a1f258d40f2567b09564b429c676e211f8f610961c5eda27b0fb7e64c29ad0a888c9cd75df584d22c60cc3a5033
- SSDEEP
  
  12288:wGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7wEN:h3JAvRl/fKQKCgFfx4P/vaw
Score

10^/10

dridex botnet evasion payload persistence trojan discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetdiscoveryevasionpayloadpersistencetrojan