General

  • Target

    f6c643e1e29177914ad70b4c2b40d28d9d05b0518bfb358888bab8f68736f118

  • Size

    886KB

  • Sample

    220417-jrkxsabecj

  • MD5

    471a11a667025ad95b5c6ee9690d7036

  • SHA1

    27e65af61719544741b1efb7065e8172534f1acd

  • SHA256

    f6c643e1e29177914ad70b4c2b40d28d9d05b0518bfb358888bab8f68736f118

  • SHA512

    e1b7d25e163dd1264e456bcb6b494a43a1392ee5766f05e57dea9e4ec9fde6056177ca5f52d323837fc8f21c93ce2beaf836fc533c123952ec65b3d0832ae327

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan whose primary purpose is stealing online-banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
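
Two of the signatures above, "Adds Run key to start application" and "Checks whether UAC is enabled", describe behaviour an analyst can re-verify on a suspect host from a registry export. The block below is an added example, not part of the Triage report and not code from the sample: a Python parser over a `reg export` style .reg dump that lists Run/RunOnce entries, flags entries whose executable sits in a user-writable directory or squats on a system binary name, and reads the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin). The embedded .reg text, the "Updater" entry and the Xjkla path are constructed for illustration and are not indicators from this sample.

```python
import re

# Constructed .reg export (not from the report) standing in for the output of
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
# plus the UAC policy key. The "Updater" entry and its path are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\Xjkla\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
'''

RUN_KEY_SUFFIXES = (
    r"\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE",
)
UAC_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM"
# Directories a standard user can write to; autostarts pointing here deserve a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
# Names that only belong in System32/SysWOW64; the same name elsewhere is masquerading.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Documented meanings of ConsentPromptBehaviorAdmin (default on a stock install is 5).
CONSENT_PROMPT_BEHAVIOR_ADMIN = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}


def _unescape_reg_string(raw):
    """.reg string values escape backslash and double quote with a backslash."""
    return re.sub(r'\\(["\\])', r'\1', raw)


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}}.

    Strings are unescaped, dword values become ints, hex blobs are kept raw."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name_raw, value_raw = line.split("=", 1)
        name = "(Default)" if name_raw == "@" else _unescape_reg_string(name_raw.strip('"'))
        if value_raw.startswith('"') and value_raw.endswith('"'):
            value = _unescape_reg_string(value_raw[1:-1])
        elif value_raw.startswith("dword:"):
            value = int(value_raw[len("dword:"):], 16)
        else:
            value = value_raw  # hex:/hex(n): data left as-is
        keys[current][name] = value
    return keys


def executable_path(command):
    """Pull the executable out of a Run-key command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def is_suspicious_run_entry(command):
    """Return the list of reasons an autostart looks like malware persistence (empty if none)."""
    reasons = []
    path = executable_path(command).lower()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("executable lives in a user-writable directory")
    name = path.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARY_NAMES and "\\system32\\" not in path and "\\syswow64\\" not in path:
        reasons.append(f"{name} outside System32 (system binary name masquerading)")
    return reasons


def find_run_entries(keys):
    """(key, value name, command, reasons) for every Run/RunOnce value in the export."""
    entries = []
    for key, values in keys.items():
        if key.upper().endswith(RUN_KEY_SUFFIXES):
            for name, value in values.items():
                if isinstance(value, str):
                    entries.append((key, name, value, is_suspicious_run_entry(value)))
    return entries


def uac_status(keys):
    """Read EnableLUA and the admin prompt policy; absent values fall back to Windows defaults."""
    policy = {k.upper(): v for k, v in keys.items()}.get(UAC_POLICY_KEY, {})
    consent = policy.get("ConsentPromptBehaviorAdmin", 5)
    return {
        "enabled": policy.get("EnableLUA", 1) == 1,
        "admin_prompt": CONSENT_PROMPT_BEHAVIOR_ADMIN.get(consent, f"unknown ({consent})"),
    }


def triage(text):
    keys = parse_reg_export(text)
    return {"run_entries": find_run_entries(keys), "uac": uac_status(keys)}


if __name__ == "__main__":
    report = triage(SAMPLE_REG)
    print("UAC:", report["uac"])
    for key, name, command, reasons in report["run_entries"]:
        flag = "SUSPICIOUS" if reasons else "ok"
        print(f"[{flag}] {key}\\{name} = {command}  {'; '.join(reasons)}")
```

On a live host the same checks are a `reg export` of the four Run/RunOnce keys (HKCU and HKLM, plus their Wow6432Node twins on 64-bit systems) and of `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; the heuristics are deliberately narrow, so treat a clean result as "nothing obvious in Run keys", not as a verdict on the host.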

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1 signature matched

  • Defense Evasion: Modify Registry (T1112), 1 signature matched

  • Discovery: System Information Discovery (T1082), 1 signature matched

Technique IDs are as assigned in ATT&CK v6. T1060 was deprecated in later ATT&CK versions in favour of T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), so map it before correlating this report with current detection content.

Tasks