Overview

overview

10

Static

static

3

e80e91427a...c9.dll

windows7-x64

10

e80e91427a...c9.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e80e91427ae02c7a807f5ea9b525773004eb2b21e2885e1fd59007712bcbddc9

  • Size

    780KB

  • Sample

    250121-qsv8gawjey

  • MD5

    da22935a03edc151c941b1b47a3ffb8a

  • SHA1

    f9cdaafa0d55d45e4200962737300c121d24e41b

  • SHA256

    e80e91427ae02c7a807f5ea9b525773004eb2b21e2885e1fd59007712bcbddc9

  • SHA512

    eb73485e20b9e3344ebd8c9925bf98f21a2a4d39206361a748c5091702d3bf426fa1c941c4aa3f06c2f477f94b24e6525cc014224e638f9abf1c9ad7adf51e5a

  • SSDEEP

    24576:vWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:enuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      e80e91427ae02c7a807f5ea9b525773004eb2b21e2885e1fd59007712bcbddc9

    • Size

      780KB

    • MD5

      da22935a03edc151c941b1b47a3ffb8a

    • SHA1

      f9cdaafa0d55d45e4200962737300c121d24e41b

    • SHA256

      e80e91427ae02c7a807f5ea9b525773004eb2b21e2885e1fd59007712bcbddc9

    • SHA512

      eb73485e20b9e3344ebd8c9925bf98f21a2a4d39206361a748c5091702d3bf426fa1c941c4aa3f06c2f477f94b24e6525cc014224e638f9abf1c9ad7adf51e5a

    • SSDEEP

      24576:vWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:enuVMK6vx2RsIKNrj

    Score
    10/10
    dridexbotnetdefense_evasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      defense_evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks