dridex | 24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359d | Triage

Sharing

General

Target

24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359dN.exe
Size

780KB
Sample

250225-c342gaxqt7
MD5

523e161e7f0441375283519de5dd1640
SHA1

18317845671b0ed94fa1b4633d673c55193e39ad
SHA256

24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359d
SHA512

1556e848fa07d1dc24ca516313c1479dddcd527246df26ddf1dcb01cc8e8a98caf37879c01b4472d93115575791366984f93d401f6ea9047153ab99c8e080b57
SSDEEP

12288:obP23onr2XV7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:obe42XV7KWgmjDR/T4a/Mdjm

Score

10^/10

dridex botnet defense_evasion payload persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359dN.exe
- Size
  
  780KB
- MD5
  
  523e161e7f0441375283519de5dd1640
- SHA1
  
  18317845671b0ed94fa1b4633d673c55193e39ad
- SHA256
  
  24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359d
- SHA512
  
  1556e848fa07d1dc24ca516313c1479dddcd527246df26ddf1dcb01cc8e8a98caf37879c01b4472d93115575791366984f93d401f6ea9047153ab99c8e080b57
- SSDEEP
  
  12288:obP23onr2XV7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:obe42XV7KWgmjDR/T4a/Mdjm
Score

10^/10

dridex botnet defense_evasion payload persistence privilege_escalation trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex family
  dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Accessibility Features

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

behavioral2

dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan