General

  • Target

    bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023

  • Size

    1MB

  • Sample

    220419-ev9yvsbefn

  • MD5

    872285aa166d50053d31b95d2a606b06

  • SHA1

    bc1146ea0a5a91e007e2c2a3a94530bdb5d655e8

  • SHA256

    bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023

  • SHA512

    8d347c166e06a791b452fb6c542509977cf09a0202e09ea94adab4f63a8d43c78ca52533b923499e94a264caad363a2f8d9c741f4cbb47640702c0761a8fa6eb

Malware Config

Targets

    • Target

      bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023

    • Size

      1MB

    • MD5

      872285aa166d50053d31b95d2a606b06

    • SHA1

      bc1146ea0a5a91e007e2c2a3a94530bdb5d655e8

    • SHA256

      bf8c9af77542db3ba0b3962dc7ba4f6c7728848dd787c6398cfd34cd3e2ca023

    • SHA512

      8d347c166e06a791b452fb6c542509977cf09a0202e09ea94adab4f63a8d43c78ca52533b923499e94a264caad363a2f8d9c741f4cbb47640702c0761a8fa6eb

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

2
T1112

Discovery

System Information Discovery

4
T1082

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

Tasks