General

  • Target

    bf83f413c510cb1e99240183337a4056615f16d4a579d4227f74f080dffbfed0

  • Size

    1.3MB

  • Sample

    211126-lfcs5sege2

  • MD5

    ea8f8ba711d9aed9d2f3fa4315dffb76

  • SHA1

    234ca58512cecae30be256089c1d9f39bd55d116

  • SHA256

    bf83f413c510cb1e99240183337a4056615f16d4a579d4227f74f080dffbfed0

  • SHA512

    54473e1e81306e8d17317aa01cb8f184d0c82b534e8530b3bab499e27b1dc2c55b2163e61b535df817d732e74b2644e3615e0831d7e462d6f6b7e21f4c396270

Malware Config

Targets

    • Target

      bf83f413c510cb1e99240183337a4056615f16d4a579d4227f74f080dffbfed0

    • Size

      1.3MB

    • MD5

      ea8f8ba711d9aed9d2f3fa4315dffb76

    • SHA1

      234ca58512cecae30be256089c1d9f39bd55d116

    • SHA256

      bf83f413c510cb1e99240183337a4056615f16d4a579d4227f74f080dffbfed0

    • SHA512

      54473e1e81306e8d17317aa01cb8f184d0c82b534e8530b3bab499e27b1dc2c55b2163e61b535df817d732e74b2644e3615e0831d7e462d6f6b7e21f4c396270

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks