General

  • Target

    b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

  • Size

    1.2MB

  • Sample

    211126-lhpkqaegh7

  • MD5

    12a2429bc9990f1631ce12341895db8c

  • SHA1

    0ee8f6d9b2ce34403e841a39a5f92c6d8138dc42

  • SHA256

    b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

  • SHA512

    cd85e51fe53befd08ce8707d354ba2a1e519dc5444cc81dd625342af64de9f93de947dcb845c652ad13012c22e056851d2c11eb236086607560e16b829f0a8df

Malware Config

Targets

    • Target

      b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

    • Size

      1.2MB

    • MD5

      12a2429bc9990f1631ce12341895db8c

    • SHA1

      0ee8f6d9b2ce34403e841a39a5f92c6d8138dc42

    • SHA256

      b00840048749257957b81d41979187a60a83d52fbe57998630873729a94ffd79

    • SHA512

      cd85e51fe53befd08ce8707d354ba2a1e519dc5444cc81dd625342af64de9f93de947dcb845c652ad13012c22e056851d2c11eb236086607560e16b829f0a8df

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder

    T1060 (1)

Defense Evasion

  • Modify Registry

    T1112 (1)

Discovery

  • System Information Discovery

    T1082 (1)

Tasks