Overview

overview

10

Static

static

3

6c15387941...2N.dll

windows7-x64

10

6c15387941...2N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c15387941d9c5100839fada2c08e23067b7467334e4ad6deb329d1660d4d482N.exe

  • Size

    776KB

  • Sample

    250121-cyntpa1qdj

  • MD5

    9b8172adb2e1a4edd396f5d9aab93030

  • SHA1

    901c5cf6f637b2946fc11f7edbce9dabed6563ef

  • SHA256

    6c15387941d9c5100839fada2c08e23067b7467334e4ad6deb329d1660d4d482

  • SHA512

    69703121022941ff097b071d1458307f0b48395a2a58cfad191c2680f6f8c2e2c9322a30f5a441dbeb8daece5f02f2cffa3fe48f20d24ca7eebb41577fe995ae

  • SSDEEP

    12288:fbP23onr2XO7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:fbe42XO7KWgmjDR/T4a/Mdjm

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      6c15387941d9c5100839fada2c08e23067b7467334e4ad6deb329d1660d4d482N.exe

    • Size

      776KB

    • MD5

      9b8172adb2e1a4edd396f5d9aab93030

    • SHA1

      901c5cf6f637b2946fc11f7edbce9dabed6563ef

    • SHA256

      6c15387941d9c5100839fada2c08e23067b7467334e4ad6deb329d1660d4d482

    • SHA512

      69703121022941ff097b071d1458307f0b48395a2a58cfad191c2680f6f8c2e2c9322a30f5a441dbeb8daece5f02f2cffa3fe48f20d24ca7eebb41577fe995ae

    • SSDEEP

      12288:fbP23onr2XO7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:fbe42XO7KWgmjDR/T4a/Mdjm

    Score
    10/10
    dridexbotnetdefense_evasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      defense_evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks