dridex | e39f3bcdcae4e78e73305f92a83fb3b4e438ccd669c1692321271d0a8d70d607 | Triage

Sharing

General

Target

e39f3bcdcae4e78e73305f92a83fb3b4e438ccd669c1692321271d0a8d70d607
Size

776KB
Sample

250217-jgq12swjcs
MD5

57625062489581e062e1dcfcf2e6dddc
SHA1

e04d7fdf4a710f91205a0aff59b5da2196c65154
SHA256

e39f3bcdcae4e78e73305f92a83fb3b4e438ccd669c1692321271d0a8d70d607
SHA512

c9f08913371c44ca7b5173d4522a219ab3e974e326051a2c953ade08e9a031fb2afae99ba506dd304d8b5fe2c1f082317f0dfd93d68a7cd8e155c415fd2bb250
SSDEEP

12288:NGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7Lt:w3JAvRl/fKQKCgFfx4P/vaLt

Score

10^/10

dridex botnet defense_evasion discovery payload persistence trojan

Malware Config

Targets

- Target
  
  e39f3bcdcae4e78e73305f92a83fb3b4e438ccd669c1692321271d0a8d70d607
- Size
  
  776KB
- MD5
  
  57625062489581e062e1dcfcf2e6dddc
- SHA1
  
  e04d7fdf4a710f91205a0aff59b5da2196c65154
- SHA256
  
  e39f3bcdcae4e78e73305f92a83fb3b4e438ccd669c1692321271d0a8d70d607
- SHA512
  
  c9f08913371c44ca7b5173d4522a219ab3e974e326051a2c953ade08e9a031fb2afae99ba506dd304d8b5fe2c1f082317f0dfd93d68a7cd8e155c415fd2bb250
- SSDEEP
  
  12288:NGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7Lt:w3JAvRl/fKQKCgFfx4P/vaLt
Score

10^/10

dridex botnet defense_evasion payload persistence trojan discovery
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdefense_evasionpayloadpersistencetrojan

behavioral2

dridexbotnetdefense_evasiondiscoverypayloadpersistencetrojan