dridex | 123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

123a833c6a...ff.dll

windows7-x64

123a833c6a...ff.dll

windows10-2004-x64

Sharing

General

Target

123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.exe
Size

984KB
Sample

250127-qab2wazrcq
MD5

f5e2ec95b6d3d591609351b2c32c15fc
SHA1

56ff4415603201d5367280e88348a56f24e4863b
SHA256

123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff
SHA512

ccd2977e2a21ea3f8c0ca0774f84af450813a9b338dcf31e59ae377f7cca9206e64f7be2e756ead7abcc61114b7d1a20480bec7dca56e6252d264fbc824f6fc0
SSDEEP

24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijgx:1nuVMK6vx2RsIKNrjE

Score

10^/10

dridex botnet defense_evasion payload persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll

Resource

win7-20240903-en

dridex botnet defense_evasion payload persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll

Resource

win10v2004-20241007-en

dridex botnet defense_evasion payload persistence privilege_escalation trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.exe
- Size
  
  984KB
- MD5
  
  f5e2ec95b6d3d591609351b2c32c15fc
- SHA1
  
  56ff4415603201d5367280e88348a56f24e4863b
- SHA256
  
  123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff
- SHA512
  
  ccd2977e2a21ea3f8c0ca0774f84af450813a9b338dcf31e59ae377f7cca9206e64f7be2e756ead7abcc61114b7d1a20480bec7dca56e6252d264fbc824f6fc0
- SSDEEP
  
  24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijgx:1nuVMK6vx2RsIKNrjE
Score

10^/10

dridex botnet defense_evasion payload persistence trojan privilege_escalation
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdefense_evasionpayloadpersistencetrojan

behavioral2

dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.