General

  • Target

    d615a208ca1edee7c892dacc20ea2ab8b43114fbb9ef8efafdb377d2365452dd

  • Size

    918KB

  • Sample

    220414-gpl1yshadj

  • MD5

    00fc6f9a3b84c9a2848630b14deb3912

  • SHA1

    f7b970539b7161b32a9758a01a7822f8e268def2

  • SHA256

    d615a208ca1edee7c892dacc20ea2ab8b43114fbb9ef8efafdb377d2365452dd

  • SHA512

    48950387472fd7c99985864d3185da6dfe492562e1588bef79c827a4242add13f21de2cdbc8d69119840bd32e766e7c3686a066ba57802d8abe8313d15988470

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Payload

      Detects Dridex x64 core DLL in memory.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks