General

  • Target

    cabc7c9cbb175e16012a5332baab93c5

  • Size

    1.5MB

  • Sample

    231222-r5ksyafch5

  • MD5

    cabc7c9cbb175e16012a5332baab93c5

  • SHA1

    22b1236aa406b31e70be67e46048808c586a83cb

  • SHA256

    802a3e91818f0033e304ca44d233253182af1a0afd5a9cb1c7dd81e2e6f0ae71

  • SHA512

    a1f33e6073ce7d427f6cc3d9ce75e23e8410448c3af04647211c7d6db9c5e5bf14c8a24c0885217fc170195ed2aae05353e9b847a198d2613468ceba0555cdfa

  • SSDEEP

    12288:wVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:1fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks