General

  • Target

    6ec04246b4715c03d01bea486d2d87b7ccc4f4544d1068b59d6627811ab1c588

  • Size

    682KB

  • Sample

    220427-sq83naegbl

  • MD5

    6b869583e071fe0031ccd7c0f50c0661

  • SHA1

    a148f659ef772ea67c0b993e736a16c5f84144e7

  • SHA256

    6ec04246b4715c03d01bea486d2d87b7ccc4f4544d1068b59d6627811ab1c588

  • SHA512

    0ce428378724f7f18c302ede072a4fab3cf8660e54977dac881c9d1f8d07531f1cc8c43b70b81e5b54191db5e3f2e0c67d32e42446a6a3a6f54a4ba8982f9557

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks