General

  • Target

    e123d54b17c5dba50509d3d0abdd61cf01d27eaf82e7d810351c550f018636ff

  • Size

    881KB

  • Sample

    220417-hx8elaabcr

  • MD5

    ef39ac4244c3fc0ee69d71563bcdb993

  • SHA1

    bb3f3706cced11a8140015d587654640cbeb99bb

  • SHA256

    e123d54b17c5dba50509d3d0abdd61cf01d27eaf82e7d810351c550f018636ff

  • SHA512

    11cc5fa8bc6f479bcbaa11332dbf6c47b5bc3d742bfaca8ec52aa929c8857db9bd2de99148006c89695c37b13601ba2e712f48f5d57deff95d36c99ed7fac33e

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
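The signatures above are behavioural rules over the sample's API trace. As an added example that is not part of the sandbox report, the block below reproduces those rules over a constructed trace: the paths, PIDs, API names and record layout are assumptions of this example, not data from the run. The ATT&CK IDs are the three the report's matrix lists (T1060, T1112, T1082); assigning T1060/T1112 to the Run-key write and T1082 to the UAC check is the natural split and is this example's own mapping. The "Dridex Shellcode" signature is a memory scan of Explorer, which a trace rule cannot reproduce, so it is approximated by the sample creating a remote thread in explorer.exe.

```python
"""Re-create the report's behavioural signatures over a constructed API trace.

Added example, not the sandbox's own code. Record layout, paths and PIDs are
hypothetical; each record is (pid, api, argument), where the argument is the
file path, registry value path or target image the call operated on.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample trace: pid 1000 is the submitted sample, pid 1100 the
# EXE it drops and launches. The kernel32.dll load is a negative case.
TRACE = [
    (1000, "CreateFileW",        r"C:\Users\user\AppData\Local\Temp\upd.exe"),
    (1000, "CreateFileW",        r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    (1000, "CreateProcessW",     r"C:\Users\user\AppData\Local\Temp\upd.exe"),
    (1100, "LoadLibraryW",       r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    (1100, "LoadLibraryW",       r"C:\Windows\System32\kernel32.dll"),
    (1100, "RegSetValueExW",     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (1100, "RegQueryValueExW",   r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    (1100, "CreateRemoteThread", r"C:\Windows\explorer.exe"),
]

# Registry locations the signatures key on: per-user/machine Run keys for
# persistence, and the UAC master switch for the "is UAC enabled" check.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UAC_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)
FILE_WRITE_APIS = {"CreateFileW", "WriteFile", "MoveFileExW"}

Hit = Tuple[str, Tuple[str, ...]]  # (signature name, ATT&CK IDs)


def match_signatures(trace) -> List[Hit]:
    """Return signature hits in trace order.

    'Dropped' files are those the trace shows being written; executing or
    loading one of them is what the dropped-EXE/DLL signatures look for.
    """
    dropped: Set[str] = set()
    hits: List[Hit] = []
    for _pid, api, arg in trace:
        low = arg.lower()
        if api in FILE_WRITE_APIS:
            dropped.add(low)
        elif api == "CreateProcessW" and low in dropped:
            hits.append(("Executes dropped EXE", ()))
        elif api == "LoadLibraryW" and low in dropped:
            hits.append(("Loads dropped DLL", ()))
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(arg):
            hits.append(("Adds Run key to start application", ("T1060", "T1112")))
        elif api == "RegQueryValueExW" and UAC_RE.search(arg):
            hits.append(("Checks whether UAC is enabled", ("T1082",)))
        elif api == "CreateRemoteThread" and low.endswith("\\explorer.exe"):
            # Proxy only: the real signature matches shellcode in Explorer's memory.
            hits.append(("Remote thread created in Explorer (proxy for Dridex Shellcode)", ()))
    return hits


def attck_matrix(hits: List[Hit]) -> Dict[str, int]:
    """Count hits per technique ID, the way the report's ATT&CK table does."""
    counts: Dict[str, int] = {}
    for _name, ids in hits:
        for tid in ids:
            counts[tid] = counts.get(tid, 0) + 1
    return counts


if __name__ == "__main__":
    found = match_signatures(TRACE)
    for name, ids in found:
        print(f"{name:70s} {', '.join(ids) or '-'}")
    print(attck_matrix(found))
```

Run against the constructed trace this yields the five signatures in the report's order and a matrix of one hit each for T1060, T1112 and T1082, matching the table below only because the trace was built to exercise exactly those rules; on a real trace the dropped-file set must be keyed on the writing process as well, or a legitimate process reading a file the sample wrote will be counted.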

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                            Count  ID
Persistence        Registry Run Keys / Startup Folder   1      T1060
Defense Evasion    Modify Registry                      1      T1112
Discovery          System Information Discovery         1      T1082

Tasks