General

  • Target

    7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339

  • Size

    1.4MB

  • Sample

    220323-jzgkbsedcl

  • MD5

    76a03b741a85be73b47b1a72cea1becb

  • SHA1

    f453704ee0177d5771766870bc871e7c048a6c61

  • SHA256

    7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339

  • SHA512

    86c59d8d2c2111175d541dd17ecc7b1ab89eb0e5400f2db21d70346af7871d2ac3008aca9ec762bbd7508b2c8ac9122111bfc83356c1d413bf1c693fbc74ec95

Malware Config

Targets


    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1 hit

  • Defense Evasion

    Modify Registry (T1112), 1 hit

  • Discovery

    System Information Discovery (T1082), 1 hit

Tasks