General

  • Target

    545ad887af8d8588ce8b919f320a8b9ae0acfc926a3a9385df2751ab3cdec949

  • Size

    1MB

  • Sample

    220419-exyzdabgbm

  • MD5

    9695e76c854bada80b3d1b54d7ff492c

  • SHA1

    9001b73c1570ec65cc1bc89216adc846bb06e083

  • SHA256

    545ad887af8d8588ce8b919f320a8b9ae0acfc926a3a9385df2751ab3cdec949

  • SHA512

    0874b871365cd2d74b92cb71d0d57799c04e76d5ccbea57d48de8fc7c550ae087b34848e21253bc9295c0c78d26db81c42bdb71af7ffdfeabf7e72a81268a2d1

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Modifies Installed Components in the registry

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 4

    Query Registry (T1012): 3

    Peripheral Device Discovery (T1120): 2

Tasks