Overview

overview

10

Static

static

3

5c31a1991b...93.dll

windows7-x64

10

5c31a1991b...93.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c31a1991b83b16d620785baf2e328b49cc684886f0682cfefc934c0f8762e93

  • Size

    788KB

  • Sample

    250116-bgmdvstla1

  • MD5

    57ff8aad6421b8785d191a75825a457d

  • SHA1

    7991ebfc143d958342135a84297ee949ef110f2a

  • SHA256

    5c31a1991b83b16d620785baf2e328b49cc684886f0682cfefc934c0f8762e93

  • SHA512

    ec22ac2a7f68eb08b253a75efa75ca5d7dda6c726bc24f799556dd88f1347066c9a36ee683c8e77fef0cc42b0a86c4cbd6caabcf432134b63e815601b76fb908

  • SSDEEP

    24576:9WyoyFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:oSuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdiscoveryevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      5c31a1991b83b16d620785baf2e328b49cc684886f0682cfefc934c0f8762e93

    • Size

      788KB

    • MD5

      57ff8aad6421b8785d191a75825a457d

    • SHA1

      7991ebfc143d958342135a84297ee949ef110f2a

    • SHA256

      5c31a1991b83b16d620785baf2e328b49cc684886f0682cfefc934c0f8762e93

    • SHA512

      ec22ac2a7f68eb08b253a75efa75ca5d7dda6c726bc24f799556dd88f1347066c9a36ee683c8e77fef0cc42b0a86c4cbd6caabcf432134b63e815601b76fb908

    • SSDEEP

      24576:9WyoyFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:oSuVMK6vx2RsIKNrj

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojandiscovery

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks