General

  • Target

    8d5eff954d4007b82f25726e186a63c143a7ff8d08a5ef97b126af4b1b59e420

  • Size

    1000KB

  • Sample

    220419-ewjhasbehl

  • MD5

    d7a528bb13724df58aaa94592ae77705

  • SHA1

    645926db80190683e6da70f5c1ef23064de9e112

  • SHA256

    8d5eff954d4007b82f25726e186a63c143a7ff8d08a5ef97b126af4b1b59e420

  • SHA512

    4bff9527c37b785d468bb0162ce1904d340f87ef1ad713f055380f39e9af338efc539238939bc68bfe09cd0f678bed0caf26d3640abdadcc12390fa257d77abc

Malware Config

Targets

    • Target

      8d5eff954d4007b82f25726e186a63c143a7ff8d08a5ef97b126af4b1b59e420

    • Size

      1000KB

    • MD5

      d7a528bb13724df58aaa94592ae77705

    • SHA1

      645926db80190683e6da70f5c1ef23064de9e112

    • SHA256

      8d5eff954d4007b82f25726e186a63c143a7ff8d08a5ef97b126af4b1b59e420

    • SHA512

      4bff9527c37b785d468bb0162ce1904d340f87ef1ad713f055380f39e9af338efc539238939bc68bfe09cd0f678bed0caf26d3640abdadcc12390fa257d77abc

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks