dridex | d4d9ff199368067600f128d3d3ac1fcc3bfbf0cabfe64b14b8484731ae64117d | Triage

Sharing

General

Target

d4d9ff199368067600f128d3d3ac1fcc3bfbf0cabfe64b14b8484731ae64117d.exe
Size

780KB
Sample

250116-dc7kcaxrf1
MD5

3fa092a0e0ea8a296e20322bcbdc38c4
SHA1

78a2adda053686d8a2ddba3ccd3a5e0f1672575b
SHA256

d4d9ff199368067600f128d3d3ac1fcc3bfbf0cabfe64b14b8484731ae64117d
SHA512

f6b3df5593d62e42f289d59896082d5a4d2a093f01d31e3d790a07223e2ee8728942c5c0b3570fcdfbf79554db89f1c8affdadd42aa5dec2e409878785bd605a
SSDEEP

12288:kbP23onr2XV7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQn:kbe42XV7KWgmjDR/T4a/Mdjmi

Score

10^/10

dridex botnet evasion payload persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  d4d9ff199368067600f128d3d3ac1fcc3bfbf0cabfe64b14b8484731ae64117d.exe
- Size
  
  780KB
- MD5
  
  3fa092a0e0ea8a296e20322bcbdc38c4
- SHA1
  
  78a2adda053686d8a2ddba3ccd3a5e0f1672575b
- SHA256
  
  d4d9ff199368067600f128d3d3ac1fcc3bfbf0cabfe64b14b8484731ae64117d
- SHA512
  
  f6b3df5593d62e42f289d59896082d5a4d2a093f01d31e3d790a07223e2ee8728942c5c0b3570fcdfbf79554db89f1c8affdadd42aa5dec2e409878785bd605a
- SSDEEP
  
  12288:kbP23onr2XV7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQn:kbe42XV7KWgmjDR/T4a/Mdjmi
Score

10^/10

dridex botnet evasion payload persistence trojan privilege_escalation
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan