dridex | 75e5362cc782d695f9ade6952008096966ae46c8e8620e0f0acf3f1008b87b86 | Triage

Submit
Reports

Overview

overview

Static

static

3

7c087528f0...18.dll

windows7-x64

7c087528f0...18.dll

windows10-2004-x64

Sharing

General

Target

7c087528f0e93350c3202b5e72fa9521_JaffaCakes118
Size

1.2MB
Sample

240528-hdfkgahe5s
MD5

7c087528f0e93350c3202b5e72fa9521
SHA1

214b245a92ad6aacda934ed76ad0621c9800fe91
SHA256

75e5362cc782d695f9ade6952008096966ae46c8e8620e0f0acf3f1008b87b86
SHA512

c5a13abd5f1511de3a6ecd673cb5ab23e7ae2990d0c9b212082667e65036112387698d2c3cdca373f4705e9deaab44a7585f161b5c050fa64726c713d9ed83de
SSDEEP

24576:UuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N9t:M9cKrUqZWLAcU

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7c087528f0e93350c3202b5e72fa9521_JaffaCakes118.dll

Resource

win7-20231129-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c087528f0e93350c3202b5e72fa9521_JaffaCakes118.dll

Resource

win10v2004-20240426-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  7c087528f0e93350c3202b5e72fa9521_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  7c087528f0e93350c3202b5e72fa9521
- SHA1
  
  214b245a92ad6aacda934ed76ad0621c9800fe91
- SHA256
  
  75e5362cc782d695f9ade6952008096966ae46c8e8620e0f0acf3f1008b87b86
- SHA512
  
  c5a13abd5f1511de3a6ecd673cb5ab23e7ae2990d0c9b212082667e65036112387698d2c3cdca373f4705e9deaab44a7585f161b5c050fa64726c713d9ed83de
- SSDEEP
  
  24576:UuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N9t:M9cKrUqZWLAcU
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy