4b165651a1740bfbac89a2a15423f935cf2058ce9fa79903889e04016be8344b

General

    Target: 4b165651a1740bfbac89a2a15423f935cf2058ce9fa79903889e04016be8344b
    Size: 1MB
    Sample: 211126-lfcs5sbeem
    Score: 10/10
    MD5: 6d6d268e7bafbede834d84141ade7ae5
    SHA1: 43f460cb03c89dbf77545944c913c7fb6f0fbca6
    SHA256: 4b165651a1740bfbac89a2a15423f935cf2058ce9fa79903889e04016be8344b
    SHA512: 24f44a7fc90d8a4de0a7d47056660db46d8b09392121da615b29a9d28f3e60106a0d03b3ff4ca297c71012cca9ea98a7fc479bb839f40595befaa9cfdd21cb78

Malware Config

Targets

    Target: 4b165651a1740bfbac89a2a15423f935cf2058ce9fa79903889e04016be8344b
    MD5: 6d6d268e7bafbede834d84141ade7ae5
    Filesize: 1MB
    Score: 10/10
    SHA1: 43f460cb03c89dbf77545944c913c7fb6f0fbca6
    SHA256: 4b165651a1740bfbac89a2a15423f935cf2058ce9fa79903889e04016be8344b
    SHA512: 24f44a7fc90d8a4de0a7d47056660db46d8b09392121da615b29a9d28f3e60106a0d03b3ff4ca297c71012cca9ea98a7fc479bb839f40595befaa9cfdd21cb78

Signatures

  • Dridex

    Description: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode

    Description: Detects Dridex payload shellcode injected into the Explorer process.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Checks whether UAC is enabled

    TTPs: System Information Discovery

Related Tasks

MITRE ATT&CK Matrix

    Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation