Overview

overview

10

Static

static

3

b723987104...47.dll

windows7-x64

10

b723987104...47.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247

  • Size

    776KB

  • Sample

    250116-g8d5fswqay

  • MD5

    435455aa73a48604914eb8271db3b4a3

  • SHA1

    8d321b4bd4eb646f18e6507fff8eaa1f93982375

  • SHA256

    b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247

  • SHA512

    797db5b4854395b5b4a0904abcf3e56b43d99faa507c70954216128dcd2861566d78a0d9e6f573aa7ffa3eb220212911e9a8e54a20bc7d0d01e1e0cabd81610f

  • SSDEEP

    24576:1WyoqFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:gKuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247

    • Size

      776KB

    • MD5

      435455aa73a48604914eb8271db3b4a3

    • SHA1

      8d321b4bd4eb646f18e6507fff8eaa1f93982375

    • SHA256

      b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247

    • SHA512

      797db5b4854395b5b4a0904abcf3e56b43d99faa507c70954216128dcd2861566d78a0d9e6f573aa7ffa3eb220212911e9a8e54a20bc7d0d01e1e0cabd81610f

    • SSDEEP

      24576:1WyoqFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:gKuVMK6vx2RsIKNrj

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks