General

  • Target

    c0f301d31e6b920ffb47c6ed0023886a

  • Size

    1.7MB

  • Sample

    231222-rrgt5acdc5

  • MD5

    c0f301d31e6b920ffb47c6ed0023886a

  • SHA1

    18d973bc0c0c32d53929c56901fc32c1c41096e4

  • SHA256

    b32bc6e90360943102aa8e6d928d038c23ac1c736c6377bbae67eb24121eec66

  • SHA512

    c395e0c39556801398ed9d07b2a8b0556562f0672357271d5be82bbd44ab644a40d3b34f7e7bffd5d53e079c968d9f95a9a0dbafae499e2196c15bef2565053b

  • SSDEEP

    12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
