General

  • Target

    a6d6e8abe954009c5ef7dc3ad2be26bb

  • Size

    2.0MB

  • Sample

    231222-qvqqrsabam

  • MD5

    a6d6e8abe954009c5ef7dc3ad2be26bb

  • SHA1

    a1fa918f9825eb2180ad7e75021d6ce09e5c8d70

  • SHA256

    4ba6b0bbabca79738b3202b7b37a833f213eaa5fe2034644e6faf8b0a26e379f

  • SHA512

    c6e031de74c600ad9e84a6606a6432ff498b731b4cafdbd8460961a6972397e8c2cacea84e4951897090ce6a78f11988fa0f255b968caeff6b12626c6cb7c1d2

  • SSDEEP

    12288:nVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1RU:OfP7fWsK5z9A+WGAW+V5SB6Ct4bnbR

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
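
    The two registry-based signatures in this list (Run key persistence and the UAC EnableLUA lookup) can be reproduced as simple rule logic over a sandbox's registry event trace. The following Python is an added example, not the sandbox's own rule code: the pipe-delimited event format, the sample event lines and the process IDs are constructed for this illustration, and the signature names are taken from the list above.

```python
"""Added example: rule-style matching for two of the behavioural signatures
listed in the report (Run key persistence and the UAC EnableLUA check),
run over constructed registry-event lines. This is not the sandbox's own
rule code; the "op|pid|key|value|data" log format is an assumption."""
import re
from dataclasses import dataclass

# Constructed sample trace (hypothetical format, hypothetical PIDs).
SAMPLE_EVENTS = """\
RegSetValue|2316|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater|C:\\Users\\Public\\upd.exe
RegQueryValue|2316|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|EnableLUA|1
RegSetValue|2316|HKCU\\Software\\Classes\\.txt||txtfile
RegQueryValue|4120|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|ProductName|Windows 10 Pro
"""

# Persistence: any write under the per-user or machine Run/RunOnce keys
# (HKCU, HKLM, or an explicit HKU\<SID> hive prefix).
RUN_KEY_RE = re.compile(
    r"^HK(?:CU|LM|U\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)$",
    re.IGNORECASE,
)
# UAC state lives in the EnableLUA value of the machine-wide System policy key.
UAC_POLICY_KEY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$",
    re.IGNORECASE,
)

SIG_RUN_KEY = "Adds Run key to start application"
SIG_UAC_CHECK = "Checks whether UAC is enabled"


@dataclass(frozen=True)
class Hit:
    signature: str
    pid: int
    key: str
    value: str
    data: str


def parse_event(line):
    """Split one 'op|pid|key|value|data' line; data may itself contain '|'."""
    op, pid, key, value, data = line.rstrip("\n").split("|", 4)
    return op, int(pid), key, value, data


def match_signatures(events):
    """Return one Hit per event that satisfies a signature, in trace order."""
    hits = []
    for line in events.splitlines():
        if not line.strip():
            continue
        op, pid, key, value, data = parse_event(line)
        # A *write* to a Run key is persistence; merely reading it is not.
        if op == "RegSetValue" and RUN_KEY_RE.match(key):
            hits.append(Hit(SIG_RUN_KEY, pid, key, value, data))
        # A *read* of EnableLUA is the UAC probe the signature describes.
        elif (op == "RegQueryValue" and UAC_POLICY_KEY_RE.match(key)
              and value.lower() == "enablelua"):
            hits.append(Hit(SIG_UAC_CHECK, pid, key, value, data))
    return hits


def signature_names(events):
    """Distinct signature names fired by the trace, sorted for stable output."""
    return sorted({h.signature for h in match_signatures(events)})


if __name__ == "__main__":
    for hit in match_signatures(SAMPLE_EVENTS):
        print(f"[{hit.signature}] pid={hit.pid} {hit.key}\\{hit.value} = {hit.data}")
```

    The distinction between RegSetValue and RegQueryValue is deliberate: a benign process reading the Run key (a startup manager, for instance) should not fire the persistence rule, while the UAC rule is specifically about a read of EnableLUA, since the sample only inspects the setting rather than changing it.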

MITRE ATT&CK Enterprise v15

Tasks