General

  • Target

    103bce51e2fb20c197343aaf2d602bad

  • Size

    656KB

  • Sample

    231230-gdknrafbgq

  • MD5

    103bce51e2fb20c197343aaf2d602bad

  • SHA1

    3df0dcccbce4abeb9639358e234e30055f569a7a

  • SHA256

    b95c5ad1c557db07298ed44764a8ba2b022c508ccef0f1a4ff87bf813e3e2463

  • SHA512

    31240770fd9725ba0d28450f245f28d4a1eb751067aa0252bb5c35e31ff9c8bdf406dbf2d2715d78fb8508fbfc3808a0f04ab59c195763e2b12b267ba924be6b

  • SSDEEP

    12288:cKYQ5LL540CV3UIeLPrleV1F0e8gMA/9L0l3HATpKR4:dYQ5p4f0POF0nkls3opKR

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks