General
-
Target
6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f.zip
-
Size
562KB
-
Sample
230310-m4rsmsda64
-
MD5
903ccb825f4a71f7534dcb366b248187
-
SHA1
e5871792776931df8796d59e60a952e90ff3f5f5
-
SHA256
099453c91273de0d37d5b78fb9caa6499799e26c06b8120f3c039bd7a7f56933
-
SHA512
2cca0619d205b18314c18dc0dfdbda3bbf15b86565c1c09be82f2ce4e80f869ae6094051631dff42ec4b66d9f1232f67b77842b7d7e0858be30322ce342ddf8a
-
SSDEEP
12288:AZZ90xHJa3H94F8/vmjhb36Ks3SKEaDxrCG:K0xH83HDm0Rb1rT
Malware Config
Targets
-
-
Target
6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f.exe
-
Size
1MB
-
MD5
369638ac700f3c41ebaba447d4048ff8
-
SHA1
6c50a1abf9dc992e74a73279d40fb1a09368cdfe
-
SHA256
6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f
-
SHA512
5f7a1913e83cd443a3339af0a52c04a4de17c67be480646d9bb02c984196a0a1ec3d7419ee88ca12d219af927aad1859c47372e08ba6a7a35ad956d5dc4ce7f5
-
SSDEEP
12288:ClORVEAueQmTmQKO2nMlqVaSEwzH7YxiCyJ86azEZy1f11pNxWOLPa:GORVEVNmaDznMlqVNE27dJ8J2inNxn
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Modify Registry
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Registry Run Keys / Startup Folder
1Privilege Escalation