Overview

overview

10

Static

static

3

15a87a272e...fN.dll

windows7-x64

10

15a87a272e...fN.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15a87a272e27421376d40db82b49f9b9fa6b3cd3843f74273db6b12344b95d5fN

  • Size

    776KB

  • Sample

    250113-lszhnsxmfs

  • MD5

    2ea02df4d1bd56b7862da01c65d23ff0

  • SHA1

    a5152f9cc2dc61cc043b4c2e339c21772bd59b7e

  • SHA256

    15a87a272e27421376d40db82b49f9b9fa6b3cd3843f74273db6b12344b95d5f

  • SHA512

    ce84da187fdb2b9cda9ebeddbd316d84eddac42c7ee51f2a3b77bc3f447da1a5e27f14f94b29043826def088e32560510cc6db4342a78aaf8df8ee38101aa534

  • SSDEEP

    12288:oGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7:53JAvRl/fKQKCgFfx4P/va

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      15a87a272e27421376d40db82b49f9b9fa6b3cd3843f74273db6b12344b95d5fN

    • Size

      776KB

    • MD5

      2ea02df4d1bd56b7862da01c65d23ff0

    • SHA1

      a5152f9cc2dc61cc043b4c2e339c21772bd59b7e

    • SHA256

      15a87a272e27421376d40db82b49f9b9fa6b3cd3843f74273db6b12344b95d5f

    • SHA512

      ce84da187fdb2b9cda9ebeddbd316d84eddac42c7ee51f2a3b77bc3f447da1a5e27f14f94b29043826def088e32560510cc6db4342a78aaf8df8ee38101aa534

    • SSDEEP

      12288:oGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7:53JAvRl/fKQKCgFfx4P/va

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks