General

  • Target

    421e716a3f30ed5f79e946f5fddc32cac777c43bc24b469d61e135f547f0973f

  • Size

    1.2MB

  • Sample

    220301-j41h1ahbd8

  • MD5

    05afcfee9800dbd04462df571fc39b1e

  • SHA1

    3c1dfeecae8baa93207b169101f7ba10adc341cc

  • SHA256

    421e716a3f30ed5f79e946f5fddc32cac777c43bc24b469d61e135f547f0973f

  • SHA512

    bb9621e0d57030550fde55dab39b3e606a009f4a568dd52e1fb9b0b1108f45b796a1c903835c67e1b299326279cdf4e0b3aeb2c7282b0cc4b25cd08da9a2031d

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
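
The two registry-based behaviours listed above (a Run key write and a UAC check) are the kind of signature a sandbox evaluates over the sample's recorded registry events. The following is an added example, not the sandbox's own detection code: it runs both checks over a constructed behaviour log and tallies the hits per ATT&CK v6 ID the way the matrix further down does. The event schema, the sample events, the names `match_event`, `scan` and `attack_counts`, and the assignment of the UAC check to T1082 are all assumptions made for this illustration.

```python
"""Added example (not part of the sandbox report): evaluate the
'Adds Run key' and 'Checks whether UAC is enabled' signatures over a
constructed registry event log and count hits per ATT&CK v6 ID."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of registry events in the shape a sandbox behaviour log
# might use (pid, image, operation, key path, written data). Not real data
# from this sample; the paths and pids are invented.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 1234, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\user\AppData\Roaming\svc\svc.exe"},
    {"pid": 1234, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "op": "RegQueryValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "data": None},
    {"pid": 1234, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "2"},
    {"pid": 4321, "image": r"C:\Windows\explorer.exe",
     "op": "RegQueryValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
     "data": None},
]

# Autostart locations under HKCU, HKLM or a loaded user hive (HKU\<SID>),
# including the WOW64 view.
RUN_KEY_RE = re.compile(
    r"^HK(?:CU|LM|U\\[^\\]+)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\"
    r"CurrentVersion\\(?:Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE)

# Values a process reads to learn whether UAC is on and how it prompts.
UAC_VALUE_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\"
    r"(?:EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)$",
    re.IGNORECASE)

WRITE_OPS = {"RegSetValue", "RegCreateKey"}
READ_OPS = {"RegQueryValue", "RegOpenKey"}


@dataclass(frozen=True)
class Hit:
    signature: str
    attack_ids: tuple   # ATT&CK v6 IDs, as used in the report's matrix
    pid: int
    path: str


def match_event(event: Dict) -> Optional[Hit]:
    """Return the signature an event triggers, or None if it triggers none."""
    path, op = event["path"], event["op"]
    if op in WRITE_OPS and RUN_KEY_RE.search(path):
        # A Run-key write is both persistence (T1060) and a registry
        # modification (T1112); splitting it this way is an assumption
        # about how the report's matrix was produced.
        return Hit("Adds Run key to start application", ("T1060", "T1112"),
                   event["pid"], path)
    if op in READ_OPS and UAC_VALUE_RE.search(path):
        # Reading EnableLUA is environment discovery; mapping it to T1082
        # is an assumption, not a statement from the report.
        return Hit("Checks whether UAC is enabled", ("T1082",),
                   event["pid"], path)
    return None


def scan(events: List[Dict]) -> List[Hit]:
    """Run every event through the signatures, keeping only matches."""
    return [h for h in (match_event(e) for e in events) if h is not None]


def attack_counts(hits: List[Hit]) -> Dict[str, int]:
    """Count hits per ATT&CK ID, like the matrix at the end of the report."""
    counts: Dict[str, int] = {}
    for hit in hits:
        for tid in hit.attack_ids:
            counts[tid] = counts.get(tid, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for hit in found:
        print(f"pid {hit.pid}: {hit.signature} "
              f"[{', '.join(hit.attack_ids)}] {hit.path}")
    print(attack_counts(found))
```

On the constructed log the Run key write and the EnableLUA read each produce one hit, and the explorer.exe ProductName query and the unrelated Explorer\Advanced write produce none, which is why a single Run key write shows up under both Persistence and Defense Evasion in a matrix of this kind.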

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                             Hits  ID
Persistence       Registry Run Keys / Startup Folder    1     T1060
Defense Evasion   Modify Registry                       1     T1112
Discovery         System Information Discovery          1     T1082

Tasks