General

  • Target

    bed12246372f12b83aeea6640402193c039e9c5fae6d9b4fc131c4f08a1a594d

  • Size

    693KB

  • Sample

    220419-ew9z9afca3

  • MD5

    9a9b784042d6376a3ef48cf2cc1424cd

  • SHA1

    b455c305fd04b1dafca8fafd90f3d799c7faedd0

  • SHA256

    bed12246372f12b83aeea6640402193c039e9c5fae6d9b4fc131c4f08a1a594d

  • SHA512

    9f4bab5d9a291a673a62f96945759286ab6648ed16beaeff47877a81048ee47ce408c4b351cd249965c862505230e526822ec13488cef46f76af770ad4e582c6

Malware Config

Targets

    • Target

      bed12246372f12b83aeea6640402193c039e9c5fae6d9b4fc131c4f08a1a594d

    • Size

      693KB

    • MD5

      9a9b784042d6376a3ef48cf2cc1424cd

    • SHA1

      b455c305fd04b1dafca8fafd90f3d799c7faedd0

    • SHA256

      bed12246372f12b83aeea6640402193c039e9c5fae6d9b4fc131c4f08a1a594d

    • SHA512

      9f4bab5d9a291a673a62f96945759286ab6648ed16beaeff47877a81048ee47ce408c4b351cd249965c862505230e526822ec13488cef46f76af770ad4e582c6

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Payload

      Detects Dridex x64 core DLL in memory.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks