Resubmissions

28-05-2021 05:59

210528-mj2qwc9z3x 10

19-05-2021 14:41

210519-khtrssqv6a 10

10-05-2021 18:06

210510-ncy7w9kqte 10

General

  • Target

    93394d6e_by_Libranalysis

  • Size

    588KB

  • Sample

    210528-mj2qwc9z3x

  • MD5

    93394d6e0ea894922267955095fabbc9

  • SHA1

    38ac582b64fb09f212aceddf5e3cc13946c69985

  • SHA256

    7f0f199833687549249b22ec50bbcb234d2ad2b8da993a6cbc86db8a53236530

  • SHA512

    aceecbcccd6fe48586d695b0ef04d7d0b998069dbb6545dc9ca96045f896281663027cf048ce2d0f27d0e2990f03c1f592322bfa9bc9776f153d07c6993cc8e7

Malware Config

Targets

    • Target

      93394d6e_by_Libranalysis

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex v4 Payload

      Detects Dridex v4 Payload.

    • Dridex Payload

      Detects Dridex x64 core DLL in memory.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks