General

  • Target

    c9a74aa4f76c6f15d025c9e2baeba73f

  • Size

    2.5MB

  • Sample

    231222-r4d9rsfac5

  • MD5

    c9a74aa4f76c6f15d025c9e2baeba73f

  • SHA1

    1669707d8ab584322fba5243d412c89d65193288

  • SHA256

    ba9589e7b20b301c7f3f9b947f2ddb7ecab4732088578fc68004322a79627bf8

  • SHA512

    aba4c85cece53fe62084f928a49fa83c919796c4861da57211f7f46e65c0beedcf659a498378b741fc235899ecc22463ab037e70af2732cf575d66cf26b2cab2

  • SSDEEP

    12288:TVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1PIUYHU:CfP7fWsK5z9A+WGAW+V5SB6Ct4bnbMH

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks