dridex | 6d29b1ddb14e42725ac1351da325c2a612a917dd6c455e88733febba2d8e64c8 | Triage

Sharing

General

Target

6d29b1ddb14e42725ac1351da325c2a612a917dd6c455e88733febba2d8e64c8
Size

776KB
Sample

250123-ccf7qawpbx
MD5

2a9f5f71552637fc95139e9ae638d5e5
SHA1

36de00ab1abbd4af62c3a3d1d9f88c50622d8a87
SHA256

6d29b1ddb14e42725ac1351da325c2a612a917dd6c455e88733febba2d8e64c8
SHA512

82154505cdd05eee12a7a31b49c0d6b2457d6a2a7b962e2b907830ad7d4ab5260dc96f5a0f6178ea60745506ad5fafe1ab8b1a087f21f9395c2bcc222166ae8b
SSDEEP

12288:bbP23onr2Xi7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:bbe42Xi7KWgmjDR/T4a/Mdjm

Score

10^/10

dridex botnet defense_evasion payload persistence trojan

Malware Config

Targets

- Target
  
  6d29b1ddb14e42725ac1351da325c2a612a917dd6c455e88733febba2d8e64c8
- Size
  
  776KB
- MD5
  
  2a9f5f71552637fc95139e9ae638d5e5
- SHA1
  
  36de00ab1abbd4af62c3a3d1d9f88c50622d8a87
- SHA256
  
  6d29b1ddb14e42725ac1351da325c2a612a917dd6c455e88733febba2d8e64c8
- SHA512
  
  82154505cdd05eee12a7a31b49c0d6b2457d6a2a7b962e2b907830ad7d4ab5260dc96f5a0f6178ea60745506ad5fafe1ab8b1a087f21f9395c2bcc222166ae8b
- SSDEEP
  
  12288:bbP23onr2Xi7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:bbe42Xi7KWgmjDR/T4a/Mdjm
Score

10^/10

dridex botnet defense_evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdefense_evasionpayloadpersistencetrojan

behavioral2

dridexbotnetdefense_evasionpayloadpersistencetrojan