General
-
Target
86bcfce2dd342e9a1c04cfc65731d40ed1c397a4ec47bd9f5b41771297d81100.zip
-
Size
502KB
-
Sample
230310-m4py2seg5s
-
MD5
4f39521ae378f8b7acc96ff1275bc4b9
-
SHA1
32d12e41fa0e41ef53b131b354f4da182597813b
-
SHA256
c628d9de914a3bf9ae9ae4ed0f1e5c25e08a87419bdb8292e44ade1c7f09c76d
-
SHA512
5c1063222028a41990dcfec2d4d3e47b205900dbb206f893c0a177efe6efc57e12ac95339744cab0008386873c51b09bc4b7242e1f141258251a229bd6d30a9b
-
SSDEEP
12288:6aNiMqi9TP+KoOThJcXOky226THqjsXBlY5FgkogZfru:DNFh9TVoq4y22oKjsXBK4ko86
Malware Config
Targets
-
-
Target
86bcfce2dd342e9a1c04cfc65731d40ed1c397a4ec47bd9f5b41771297d81100.exe
-
Size
768KB
-
MD5
bd5cfa593ed87901f8184eaa44c0a8b8
-
SHA1
963a57fb83ca6361624fb057058ea4fb538015dc
-
SHA256
86bcfce2dd342e9a1c04cfc65731d40ed1c397a4ec47bd9f5b41771297d81100
-
SHA512
f6235abb0503db5a7cc7a0f6d2a4682db1491127a4f5700d3f68e15535b838651e1df8a8292643e46febb678e16abe9f36f6990db57db3f58c60ceae186ae489
-
SSDEEP
12288:4lORVEAueQmTmQKO2nMlqVaSEwzH7YxiCyJ86azEZy1f11pNx:8ORVEVNmaDznMlqVNE27dJ8J2inNx
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Modify Registry
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Registry Run Keys / Startup Folder
1Privilege Escalation