General

  • Target

    963d9ea609a8a75d2db27496299e038e03488eb97761b94aef4623234b378180

  • Size

    965KB

  • Sample

    220419-ewffmsbegk

  • MD5

    f79b9d31dbc3a647c1311c03281053f0

  • SHA1

    48ae9826cc5e309fe10982ab42e7913d1e2ebf8a

  • SHA256

    963d9ea609a8a75d2db27496299e038e03488eb97761b94aef4623234b378180

  • SHA512

    1469b8fa0c88c634538c01e260b8a5fdc268b2f46d7268a912d6680d5b56c0ee05f1daadf8512d7defd22297a2c5a865960aae12397a365625e233f204d111d6

Malware Config

Targets

    • Target

      963d9ea609a8a75d2db27496299e038e03488eb97761b94aef4623234b378180

    • Size

      965KB

    • MD5

      f79b9d31dbc3a647c1311c03281053f0

    • SHA1

      48ae9826cc5e309fe10982ab42e7913d1e2ebf8a

    • SHA256

      963d9ea609a8a75d2db27496299e038e03488eb97761b94aef4623234b378180

    • SHA512

      1469b8fa0c88c634538c01e260b8a5fdc268b2f46d7268a912d6680d5b56c0ee05f1daadf8512d7defd22297a2c5a865960aae12397a365625e233f204d111d6

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks