General

  • Target

    0be4a8ea956924495ef2a35f5bea56ac

  • Size

    1.6MB

  • Sample

    231230-c398gsgbf7

  • MD5

    0be4a8ea956924495ef2a35f5bea56ac

  • SHA1

    a638cd756c3981a9e4ceefa6379cf31534d90db4

  • SHA256

    351e750951076c33b8e4a25c8debd81c851d25c60aadd8a93b7ac141ee4fcb83

  • SHA512

    816ac008a1f96120509061bb75f8e2d5a6fdc81968c03e65f2bee26cced7f8c643233cd828c4ae1533e75c654a701392502a139431f2d189ad6c13b8db2bd757

  • SSDEEP

    12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1xs:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnbxs

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks