General

  • Target

    XmlLite.dll

  • Size

    972KB

  • Sample

    200806-bwn6y59kmn

  • MD5

    a55f44aacfb66d6494db7b94f6a170e4

  • SHA1

    f181f65e6c147b046ba6dfaffa89d7ec45ce674d

  • SHA256

    c08e237f028ef67db6139e16aa4084c8cbada6ce15406819110bb22db01b406e

  • SHA512

    0133d75cbffb9ed1127f70c86dfef7544a5e2d731d0f60030e1578e73025aa155415e23d32f0755c421059056f9030de2af8240b338008c7fcccc6c28ecaa3d4
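Before acting on this report, confirm that the file in hand is the same sample: the four digests above identify it, and a single matching digest with the others differing points to a transcription error rather than a match. The following is an added example for that check, not part of the sandbox report; it takes the hashes from the list above and assumes a path supplied on the command line.

```python
import hashlib
import sys

# Digests of the analysed sample (XmlLite.dll, 972KB) exactly as listed in this report.
REPORT_HASHES = {
    "md5": "a55f44aacfb66d6494db7b94f6a170e4",
    "sha1": "f181f65e6c147b046ba6dfaffa89d7ec45ce674d",
    "sha256": "c08e237f028ef67db6139e16aa4084c8cbada6ce15406819110bb22db01b406e",
    "sha512": "0133d75cbffb9ed1127f70c86dfef7544a5e2d731d0f60030e1578e73025aa155415e23d32f0755c421059056f9030de2af8240b338008c7fcccc6c28ecaa3d4",
}


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory buffer for the report's four algorithms."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def match_hashes(data: bytes, known: dict = REPORT_HASHES) -> list:
    """Return the names of the algorithms in `known` whose digest of `data` matches.

    Comparison is case-insensitive so hashes copied from other reports in upper case still match.
    """
    computed = compute_hashes(data)
    return [algo for algo, digest in known.items() if computed.get(algo) == digest.lower()]


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects so large samples are not read into memory at once."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def file_matches_report(path: str) -> bool:
    """True only if every listed digest matches; a partial match is treated as a mismatch."""
    computed = hash_file(path)
    return all(computed[algo] == digest for algo, digest in REPORT_HASHES.items())


if __name__ == "__main__":
    # Usage (path is an assumption for this example): python check_sample.py path/to/XmlLite.dll
    target = sys.argv[1]
    for algo, digest in hash_file(target).items():
        status = "match" if digest == REPORT_HASHES[algo] else "DIFFERS"
        print(f"{algo:6} {digest}  {status}")
    sys.exit(0 if file_matches_report(target) else 1)
```

Requiring all four digests to agree is deliberate: MD5 and SHA1 are no longer collision-resistant, so a lone MD5 match is not proof of identity, while SHA256 and SHA512 are.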

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Loader

      Detects the Dridex loader (both the x86 and the x64 build) in memory.

    • Dridex Loader 'dmod' strings

      Detects 'dmod' strings in the Dridex loader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
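The last four signatures describe host behaviour rather than code patterns, so they are also the ones a responder can hunt for on other machines. The script below is an added example, not part of the report: it triages Run/RunOnce entries for the two traits these signatures combine (an autostart pointing into a user-writable directory, and a DLL loaded through rundll32/regsvr32) and evaluates the EnableLUA policy value that a UAC check reads. The registry entries are constructed for the example; the report does not state the value name or command the sample actually wrote.

```python
import re

# Autostart keys covered by ATT&CK T1060 (Registry Run Keys / Startup Folder).
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
_RUN_KEYS_LOWER = {k.lower() for k in RUN_KEYS}

# Directories an unprivileged user can write to: a dropped payload has to live somewhere like this.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|Tmp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)

# Signed Windows hosts that load a DLL named on their command line ("Loads dropped DLL").
DLL_HOSTS = re.compile(r"(^|\\)(rundll32|regsvr32)(\.exe)?\b", re.IGNORECASE)
DLL_ARG = re.compile(r"\.dll\b", re.IGNORECASE)


def triage_run_entry(key: str, name: str, command: str) -> list:
    """Return the reasons an autostart value looks suspicious; an empty list means nothing flagged."""
    if key.lower() not in _RUN_KEYS_LOWER:
        return []  # not one of the autostart keys we track
    reasons = []
    if USER_WRITABLE.search(command):
        reasons.append("launches from a user-writable directory")
    if DLL_HOSTS.search(command) and DLL_ARG.search(command):
        reasons.append("loads a DLL through rundll32/regsvr32")
    return reasons


def triage_entries(entries) -> dict:
    """Map value name -> reasons for every flagged (key, name, command) triple."""
    flagged = {}
    for key, name, command in entries:
        reasons = triage_run_entry(key, name, command)
        if reasons:
            flagged[name] = reasons
    return flagged


def uac_enabled(system_policy: dict) -> bool:
    """The check behind 'Checks whether UAC is enabled': EnableLUA under
    HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System.
    A missing value means the default, which is enabled."""
    return int(system_policy.get("EnableLUA", 1)) != 0


# Constructed sample data for this example (not values taken from the report).
SAMPLE_ENTRIES = [
    (RUN_KEYS[0], "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    (RUN_KEYS[0], "OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    (RUN_KEYS[0], "xmllite", r"rundll32.exe C:\Users\alice\AppData\Roaming\Temp\XmlLite.dll,#1"),
    (RUN_KEYS[2], "VBoxTray", r"C:\Windows\System32\VBoxTray.exe"),
]
SAMPLE_POLICY = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5}

if __name__ == "__main__":
    for name, reasons in triage_entries(SAMPLE_ENTRIES).items():
        print(f"{name}: " + "; ".join(reasons))
    print("UAC enabled:", uac_enabled(SAMPLE_POLICY))
```

Run against the constructed data, the OneDrive entry is flagged as well as the rundll32 one: plenty of legitimate software auto-starts from AppData, so the first heuristic needs an allowlist or a signature check on the target binary before it can drive an alert on its own, whereas a Run value that hands a DLL in a temp directory to rundll32 is rare enough to escalate directly.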

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1 signature

  • Defense Evasion

    Modify Registry (T1112): 1 signature

  • Discovery

    System Information Discovery (T1082): 1 signature
