General

  • Target

    976d851bd53802c1e6511fe8b7de5c88

  • Size

    1.6MB

  • Sample

    231222-qbkemsdedr

  • MD5

    976d851bd53802c1e6511fe8b7de5c88

  • SHA1

    cb45d84ac8faed1975070c1ab79487c0d286934b

  • SHA256

    9f63a0993138b062713bfc05c51ad8346a31ca1f46105d9d6c2a6f841fb68898

  • SHA512

    35261cd7eafdcdce79b224eabf9210516668a1b7c6a118c82e0ae26d75678f7db21f429dfa705b9161a268dacf2fb258664e9674dd44864ba2d8a9c72a26c95a

  • SSDEEP

    12288:aVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:HfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
