General
-
Target
6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f.zip
-
Size
562KB
-
Sample
230310-nl5r8add47
-
MD5
28c1d9a16336495b0d8a1bd10a1dfeeb
-
SHA1
97b666bfea21c548de60bcffef6d94c687a8c8cb
-
SHA256
3edefeee4c0ac1941a721591d6238220480626b96499bac99e4985f0ed10a1e2
-
SHA512
22e20c61ef8de8e5d0e7511a661be71c93689d8852eb7d522d1910b8a5b9c0f630d28b8cf60da7fdffa1b57ae2b1fecb74340cec94cb82cbf257246444ee1b4b
-
SSDEEP
12288:zXnHARhx9N7COTRz0CjlJTDrSTVb4QFklcErINS2J/1BtLOv0FM5:zXnHARhx9N7COVz0UDu57BErIYYD60Fe
Malware Config
Targets
-
-
Target
6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f.exe
-
Size
1MB
-
MD5
369638ac700f3c41ebaba447d4048ff8
-
SHA1
6c50a1abf9dc992e74a73279d40fb1a09368cdfe
-
SHA256
6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f
-
SHA512
5f7a1913e83cd443a3339af0a52c04a4de17c67be480646d9bb02c984196a0a1ec3d7419ee88ca12d219af927aad1859c47372e08ba6a7a35ad956d5dc4ce7f5
-
SSDEEP
12288:ClORVEAueQmTmQKO2nMlqVaSEwzH7YxiCyJ86azEZy1f11pNxWOLPa:GORVEVNmaDznMlqVNE27dJ8J2inNxn
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Modify Registry
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Registry Run Keys / Startup Folder
1Privilege Escalation