dridex | 794e1fc591d09ba1650cb356384f33dc3a1a4810cb9c64f9d30b24b8c3ac8a43 | Triage

Sharing

General

Target

794e1fc591d09ba1650cb356384f33dc3a1a4810cb9c64f9d30b24b8c3ac8a43.exe
Size

780KB
Sample

250224-ne1jxszjz2
MD5

1554104d7f9db2f8a779405eb5707b9b
SHA1

77434050361476de655662ac77e4543ed387f653
SHA256

794e1fc591d09ba1650cb356384f33dc3a1a4810cb9c64f9d30b24b8c3ac8a43
SHA512

f278140c72faf11cf14cfe885016034dd735ad569c8ee5cb9ae4a6d5694e7ed91b491ae02ef9473d1554d2da19292598d44414c1c714b506929be0fb46307ad1
SSDEEP

24576:aWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij+:dnuVMK6vx2RsIKNrj+

Score

10^/10

dridex botnet defense_evasion payload persistence trojan

Malware Config

Targets

- Target
  
  794e1fc591d09ba1650cb356384f33dc3a1a4810cb9c64f9d30b24b8c3ac8a43.exe
- Size
  
  780KB
- MD5
  
  1554104d7f9db2f8a779405eb5707b9b
- SHA1
  
  77434050361476de655662ac77e4543ed387f653
- SHA256
  
  794e1fc591d09ba1650cb356384f33dc3a1a4810cb9c64f9d30b24b8c3ac8a43
- SHA512
  
  f278140c72faf11cf14cfe885016034dd735ad569c8ee5cb9ae4a6d5694e7ed91b491ae02ef9473d1554d2da19292598d44414c1c714b506929be0fb46307ad1
- SSDEEP
  
  24576:aWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij+:dnuVMK6vx2RsIKNrj+
Score

10^/10

dridex botnet defense_evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdefense_evasionpayloadpersistencetrojan

behavioral2

dridexbotnetdefense_evasionpayloadpersistencetrojan