General

  • Target

    b9857acd5b2f41fc5e9326f126fc1aee

  • Size

    1.7MB

  • Sample

    231222-rg54zaacc2

  • MD5

    b9857acd5b2f41fc5e9326f126fc1aee

  • SHA1

    0b4577f8a7347366fb2f6cf36c699cd98baea410

  • SHA256

    5133b9c64e66f2e6782e2d65d1ef4c56ba8d71c42f86774a11987c212e43c8d6

  • SHA512

    f00789d356b66416fd740e6e59b8a8489ea465fd611f83bd6224c9560082e732dd2f7672fc01ae8c7a59a8405359f67b4e73e523718d3bb5f38a9fa18befc28e

  • SSDEEP

    12288:LVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1K:KfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks