dridex | 2f60124860d5be9579a4a37ed8e8800197f77dfa7292ea79215897aa1f5aa81a | Triage

Submit
Reports

Overview

overview

Static

static

3

99daf6981e...18.dll

windows7-x64

99daf6981e...18.dll

windows10-2004-x64

Sharing

General

Target

99daf6981ed0868d09623c8463847c9a_JaffaCakes118
Size

987KB
Sample

240606-dj1qdagc25
MD5

99daf6981ed0868d09623c8463847c9a
SHA1

ad9ce6e2dc54be25d7b23c8902a549a2897e2fef
SHA256

2f60124860d5be9579a4a37ed8e8800197f77dfa7292ea79215897aa1f5aa81a
SHA512

8e3b74ed0189f0528c398de4772e77c7b9019e1ed6a281bbd41663778990eb4a1d6ba0a0006e15a14e52d3a8d237f8c1981a1447a9a267de50aa8f1ffe776965
SSDEEP

24576:CVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:CV8hf6STw1ZlQauvzSq01ICe6zvm

Score

10^/10

dridex botnet evasion payload persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

99daf6981ed0868d09623c8463847c9a_JaffaCakes118.dll

Resource

win7-20240215-en

dridex botnet evasion payload persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

99daf6981ed0868d09623c8463847c9a_JaffaCakes118.dll

Resource

win10v2004-20240226-en

dridex botnet evasion payload persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  99daf6981ed0868d09623c8463847c9a_JaffaCakes118
- Size
  
  987KB
- MD5
  
  99daf6981ed0868d09623c8463847c9a
- SHA1
  
  ad9ce6e2dc54be25d7b23c8902a549a2897e2fef
- SHA256
  
  2f60124860d5be9579a4a37ed8e8800197f77dfa7292ea79215897aa1f5aa81a
- SHA512
  
  8e3b74ed0189f0528c398de4772e77c7b9019e1ed6a281bbd41663778990eb4a1d6ba0a0006e15a14e52d3a8d237f8c1981a1447a9a267de50aa8f1ffe776965
- SSDEEP
  
  24576:CVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:CV8hf6STw1ZlQauvzSq01ICe6zvm
Score

10^/10

dridex botnet evasion payload persistence trojan
- Dridex
  Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
  botnet dridex
- Dridex Shellcode
  Detects Dridex Payload shellcode injected in Explorer process.
  botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dridexbotnetevasionpayloadpersistencetrojan

behavioral2

dridexbotnetevasionpayloadpersistencetrojan

© 2018-2024

Terms | Privacy